apparent-cyan•4w ago
Persistent 401 “Invalid Key” on /call/web despite fresh public keys
Hi Vapi Support,
I'm consistently getting a 401 Unauthorized error with the message "Invalid Key. Hot tip, you may be using the private key instead of the public key, or vice versa." when calling the /call/web endpoint.
What I've done:
• I am using the public key, not the private key.
• The assistant ID is correctly set and from the same organization as the key.
• I've tried multiple regenerated public keys — all return the same 401 error.
• I've confirmed that allowed assistants and allowed origins are blank (default, unrestricted).
• I tested from both the frontend browser dev tools and backend.
At this point, I'm unsure why the request is still unauthorized.
Request:
Could someone please help me identify what’s causing the 401 and resolve it?
Thanks
9 Replies
Thank you for the detailed troubleshooting steps. To help narrow this down: Can you confirm exactly how you are passing your authentication credentials in the request to /call/web (e.g., are you using an Authorization: Bearer <token> header, or sending the public key in a different way)? This will help determine if the issue is with the authentication method or the key itself.
If possible, please share a (redacted) example of your request headers.
Source:
- Vapi Server Authentication Documentation
apparent-cyanOP•4w ago
Yes, I can confirm that I am passing the authentication credentials via the Authorization header using the correct Bearer token format.
Here’s exactly how the request is being made:
POST https://api.vapi.ai/call/web
Authorization: Bearer pbk_live_my key
Content-Type: application/json
And here is a redacted example of the full request:
curl -i https://api.vapi.ai/call/web \
-H 'Authorization: Bearer pbk_live_my key' \
-H 'Content-Type: application/json' \
--data '{
"assistantId": "asst_6450e619-6972-4130-95c9-5896f446e3e4",
"metadata": {}
}'
@Vapi Support Bot
Suggestion: Please double-check that your public key is both enabled and active in the Vapi dashboard API Keys page, and that it is not restricted by any organization or assistant-level settings. As a test, try generating a brand new public key, ensure it is enabled, and use it in a minimal request like below:
If this still returns a 401, please confirm the new key is visible and enabled in your dashboard, as key status is a common cause for this error (see docs).
Source:
- Vapi Server Authentication Documentation
apparent-cyanOP•4w ago
yes, I've tested with multiple new keys and I can see it in my dashboard
tried it once again just now with a brand new key and still got the 401
@Duckie help
Since you've confirmed your public key is enabled, visible, and unrestricted, but still receive a 401, try creating a new API key, then immediately log out and back into the Vapi dashboard before using the new key—this can refresh key permissions and resolve sync issues. After re-logging in, use the following minimal request to test:
If the issue persists, please contact Vapi support directly with your request ID and a screenshot of your API Keys dashboard for further investigation.
Source:
- Vapi Server Authentication Documentation
Could you try using this simple cURL request to make sure your key works?
You can also use the documentation API request tool on this page --> https://docs.vapi.ai/api-reference/assistants/list?explorer=true
If the public key doesn't work, switch to the private key temporarily.
apparent-cyanOP•4w ago
yeah, I ran it in my terminal, got the hot tip thing
I didn't run that exact command though, I can do that once I'm home
apparent-cyanOP•4w ago
this is with the public key as bearer token

Could you also try the private key? That one usually works best for me in my own testing.