Troubleshooting Authentication
Common API authentication issues and their resolutions.
401 Unauthorized Error
Cause: The API key is invalid, expired, or missing from the request.
Common issues:
- The key was not copied completely
- Extra whitespace was included when copying the key
- The key has reached its expiration date
- The Authorization header is malformed
Resolution steps:
- Verify the key is copied correctly without extra spaces
- Check the expiration date in Configuration → API Keys
- Confirm the header format is exactly:
  Authorization: Bearer <key>
- If the key is expired or lost, generate a new one
403 Forbidden Error
Cause: The API key is valid but does not have the required permissions for the requested operation.
Common scenarios:
- Attempting to create or modify rules without Policy Definition permission
- Calling /api/scanendpoints without Data Scanning permission
- Modifying system configuration without Admin access
Resolution:
Check the key's permissions in Configuration → API Keys. If additional permissions are needed, generate a new key with the appropriate permissions.
Header Formatting Issues
Incorrect header formatting is a common integration issue. Ensure the Authorization header is formatted correctly:
# Incorrect - missing "Bearer " prefix
headers = {"Authorization": API_KEY}
# Incorrect - extra quotation marks
headers = {"Authorization": f'"Bearer {API_KEY}"'}
# Correct format
headers = {"Authorization": f"Bearer {API_KEY}"}
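The following is an added example, not code from the original documentation: a pre-flight check that builds the header from a copied key and reports which of the formatting mistakes listed above a given header value contains. The function names and the sample key are hypothetical, and it assumes a key is a single token with no whitespace or quote characters, which the page does not specify.

```python
import re


def build_headers(api_key):
    """Build the Authorization header from a key as pasted or read from config."""
    key = api_key.strip()  # drop spaces or a newline picked up when copying
    # Assumption: keys never contain whitespace or quotes (not stated on the page).
    if not key or re.search(r"[\s\"']", key):
        # The key is deliberately left out of the message so it cannot reach logs.
        raise ValueError("API key is empty or contains whitespace/quotes")
    return {"Authorization": f"Bearer {key}"}


def diagnose_authorization(value):
    """Return the formatting problems found in an Authorization header value."""
    if not value:
        return ["header missing or empty"]
    problems = []
    core = value.strip()
    if core != value:
        problems.append("leading or trailing whitespace")
    # Quotes that ended up inside the string, as in f'"Bearer {API_KEY}"'
    if len(core) >= 2 and core[0] in "\"'" and core[-1] == core[0]:
        problems.append("value wrapped in quotation marks")
        core = core[1:-1].strip()
    scheme, _, token = core.partition(" ")
    if scheme != "Bearer":
        problems.append('value does not start with "Bearer "')
    elif not token:
        problems.append("key missing after Bearer")
    elif re.search(r"\s", token):
        problems.append("whitespace inside or next to the key")
    return problems


if __name__ == "__main__":
    sample_key = "example-key-123"  # constructed sample value, not a real key
    candidates = [
        sample_key,                       # missing prefix
        f'"Bearer {sample_key}"',         # extra quotation marks
        f"Bearer {sample_key}\n",         # trailing newline from copy/paste
        build_headers(f" {sample_key} ")["Authorization"],  # normalized
    ]
    for value in candidates:
        # Report only the findings, never the header value itself.
        print(diagnose_authorization(value) or "ok")
```

An empty result only means the header is well formed; an expired key still returns 401 and a key without the required permission still returns 403.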
Related Topics
- Generating API Keys - Create new keys
- Validating API Keys - Test key configuration
- Using API Keys - Integration examples