Error Reference
Authentication Errors
Troubleshooting API key and authentication issues
Complete guide to resolving authentication and API key errors.
Error: Invalid API Key
HTTP Status: 401 Unauthorized
{
"error": {
"code": "authentication_failed",
"message": "Invalid API key"
}
}Common Causes
- Typo in API key
# Typo or incomplete key
# client = BrainusAI(api_key="brainus_1234")
# Correct full key (loaded from env)
# client = BrainusAI(api_key=os.getenv("BRAINUS_API_KEY"))- Key was revoked
Check if your key still exists in the Dashboard.
- Wrong environment
# Using test key for production
# client = BrainusAI(api_key="sk_test_...") # Won't work in production
# Use correct environment
# client = BrainusAI(api_key=os.getenv("BRAINUS_API_KEY"))Solutions
Step 1: Verify your API key
# Check environment variable
echo $BRAINUS_API_KEY
# Test the key
curl -X POST "https://api.brainus.lk/api/v1/query" \
-H "X-API-Key: $BRAINUS_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "test", "store_id": "default"}'Step 2: Generate new key if needed
- Go to Dashboard ā API Keys
- Click "Generate New Key"
- Update your environment variable
Error: Missing API Key
HTTP Status: 401 Unauthorized
{
"error": {
"code": "missing_api_key",
"message": "API key is required"
}
}Common Causes
- Forgot to set environment variable
# Check if set
env | grep BRAINUS_API_KEY
# If empty, set it
export BRAINUS_API_KEY=brainus_your_key_here- Not loading .env file
# Forgot to load .env
from brainus_ai import BrainusAI
import os
# client = BrainusAI(api_key=os.getenv("BRAINUS_API_KEY")) # None!
# Load .env first
from dotenv import load_dotenv
import os
load_dotenv() # Important!
client = BrainusAI(api_key=os.getenv("BRAINUS_API_KEY"))- Header not set correctly
# Wrong header
curl -H "Authorization: Bearer brainus_..."
# Correct header
curl -H "X-API-Key: $BRAINUS_API_KEY"Error: API Key Revoked
HTTP Status: 401 Unauthorized
{
"error": {
"code": "api_key_revoked",
"message": "This API key has been revoked"
}
}What to Do
- Check if someone on your team revoked the key
- Generate a new key
- Update all services using the old key
- Set up alerts for key revocations
Error: Forbidden
HTTP Status: 403 Forbidden
{
"error": {
"code": "forbidden",
"message": "API key does not have permission to access this resource"
}
}Common Causes
- Using a read-only key for write operations
- API key restricted to specific IP addresses
- Plan doesn't include this feature
Solutions
# Check your plan limits using SDK (pseudo-code)
# usage = await client.get_usage()
# print(f"Plan: {usage.plan}")Debugging Authentication Issues
1. Test API Key Directly
# Test with curl
curl -i -X POST "https://api.brainus.lk/api/v1/query" \
-H "X-API-Key: $BRAINUS_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "test", "store_id": "default"}'2. Check Key Format
Valid key format:
- Starts with
brainus_orsk_test_ - 32+ characters long
- Only alphanumeric characters
import re
import os
def validate_key_format(api_key: str) -> bool:
pattern = r'^sk_(live|test)_[a-zA-Z0-9]{32,}$'
return bool(re.match(pattern, api_key))
key = os.getenv("BRAINUS_API_KEY")
if key and not validate_key_format(key):
print("Invalid key format!")3. Enable Request Logging
import logging
import requests
from brainus_ai import BrainusAI
# Enable debug logging
logging.basicConfig(level=logging.DEBUG)
# See actual headers sent
# client = BrainusAI(api_key="brainus_your_key")4. Verify Environment
import os
# Print environment (hide sensitive parts)
api_key = os.getenv("BRAINUS_API_KEY", "")
if api_key:
print(f"Key found: {api_key[:10]}...{api_key[-4:]}")
else:
print("BRAINUS_API_KEY not set!")Security Best Practices
- Never log full API keys
# Bad: Logs full key
# logging.info(f"Using key: {api_key}")
# Good: Mask key
logging.info(f"Using key: {api_key[:10]}...{api_key[-4:]}")- Rotate keys regularly
# Every 90 days
0 0 1 */3 * /scripts/rotate-api-keys.sh- Use different keys per environment
# Development
BRAINUS_API_KEY=sk_test_dev_key
# Production
BRAINUS_API_KEY=brainus_prod_keyCommon Mistakes
1. Hardcoded Keys
# NEVER do this
# client = BrainusAI(api_key="brainus_1234567890abcdef")
# Use environment variables
from brainus_ai import BrainusAI
import os
client = BrainusAI(api_key=os.getenv("BRAINUS_API_KEY"))2. Exposed in Frontend
// NEVER expose in browser
import { BrainusAI } from '@brainus/ai';
// const client = new BrainusAI({
// apiKey: "brainus_1234567890...", // Visible to users!
// });
// Use backend proxy
const response = await fetch("/api/query", {
method: "POST",
body: JSON.stringify({ query: "test" }),
});3. Committed to Git
# Add .env to .gitignore
echo ".env" >> .gitignore
# If you accidentally committed a key:
# 1. Revoke it immediately
# 2. Generate a new key
# 3. Use git-secrets or similar toolsIf you've exposed an API key publicly, revoke it immediately at Dashboard ā API Keys.
Quick Fix Checklist
When authentication fails:
- Verify API key is set:
echo $BRAINUS_API_KEY - Check key format:
brainus_...orsk_test_... - Confirm key exists in dashboard
- Test with curl command above
- Check .env file is loaded
- Verify correct header:
X-API-Key - Review firewall/network settings
Next Steps
- Security Best Practices - Keep keys safe
- Managing API Keys - Create and rotate keys
- Common Errors - Other frequent errors