unauthorized
Missing or invalid API key.
HTTP 401
The request was not authenticated.
When it fires
Repull could not associate the request with a workspace. The most common triggers are:
- The `Authorization` header is missing entirely.
- The header is present but does not start with `Bearer ` (with a trailing space).
- The key was deleted, rotated, or revoked from the dashboard.
- You are using a sandbox key (`sk_test_…`) against a live endpoint, or vice versa.
- The key was URL-encoded somewhere along the way and is no longer a valid token.
Response shape
Every Repull error follows the same envelope. The code is stable and safe to switch on.
```json
{
  "error": {
    "code": "unauthorized",
    "message": "<human-readable explanation of what went wrong>",
    "docs_url": "https://repull.dev/docs/errors/unauthorized"
  }
}
```
How to fix
- Open /dashboard/keys and confirm the key you are sending still exists.
- Send the key in an Authorization header — Bearer scheme, single space, no quotes: `Authorization: Bearer sk_test_…`.
- If you are using a proxy or framework that lowercases or strips `Authorization`, switch to the alternate `x-api-key` header, which is also accepted.
- Re-issue the key from the dashboard if you suspect it was leaked or rotated. The previous value stops working immediately.
- Confirm the host is `api.repull.dev` — sending a Repull key to another host returns the host's own auth error, not this one.
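A client-side pre-flight check for the formatting problems listed above, so a mangled header is caught before the request is sent and the key is masked in logs. This is an added example, not part of the Repull SDK; the function names are hypothetical, and it assumes a valid key never contains whitespace, quotes or `%`.

```typescript
// Added example, not Repull SDK code. Assumption: a valid key never contains
// whitespace, quotes or '%', so any of those means the value was mangled.
type AuthProblem = 'missing' | 'wrong-scheme' | 'whitespace' | 'quoted' | 'url-encoded'

const SCHEME = 'Bearer ' // scheme plus the single trailing space

// List every formatting problem in an Authorization header value.
// An empty result means well-formed; the key can still be revoked server-side.
function diagnoseAuthHeader(value: string | undefined): AuthProblem[] {
  if (value === undefined || value.trim() === '') return ['missing']
  if (!value.startsWith(SCHEME)) return ['wrong-scheme']
  const key = value.slice(SCHEME.length)
  if (key.trim() === '') return ['missing']

  const problems: AuthProblem[] = []
  if (/\s/.test(key)) problems.push('whitespace') // double space, trailing newline
  if (/["']/.test(key)) problems.push('quoted') // shell or JSON quotes leaked in
  if (/%[0-9A-Fa-f]{2}/.test(key)) problems.push('url-encoded')
  return problems
}

// Mask the secret before logging: keep the scheme and the first 8 characters
// of the key (enough to show the sk_test_ prefix), drop the rest.
function redactAuthHeader(value: string): string {
  if (!value.startsWith(SCHEME)) return '[redacted]'
  const key = value.slice(SCHEME.length).trim()
  if (key.length <= 8) return SCHEME + '…'
  return SCHEME + key.slice(0, 8) + '…'
}

// Constructed sample values; none is a real key.
const samples: Array<string | undefined> = [
  undefined,
  'bearer sk_test_CONSTRUCTED',
  'Bearer  sk_test_CONSTRUCTED',
  'Bearer "sk_test_CONSTRUCTED"',
  'Bearer sk_test_CONS%2FTRUCTED',
  'Bearer sk_test_CONSTRUCTED',
]
for (const s of samples) {
  const found = diagnoseAuthHeader(s)
  const shown = s === undefined ? '(no header)' : redactAuthHeader(s)
  console.log(shown, '->', found.length ? found.join(', ') : 'ok')
}
```

A clean result only rules out formatting; a deleted, rotated or wrong-environment key still has to be confirmed in /dashboard/keys.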
Common gotchas
- The error fires before any per-route logic runs, so the response will not echo the resource id you tried to access. Check your client logs to figure out which request failed.
- CORS preflights (`OPTIONS`) never carry the auth header — they always succeed without it. If your browser console shows a green preflight followed by a 401, the bug is in the actual request, not preflight.
- Curling with a stale `$REPULL_KEY` shell var is a common dev-loop trap. Restart your shell or `unset REPULL_KEY` after rotating.
Examples
curl
```bash
# Will fail with 401 unauthorized
curl https://api.repull.dev/v1/listings

# Will succeed
curl https://api.repull.dev/v1/listings \
  -H "Authorization: Bearer sk_test_YOUR_KEY"
```
TypeScript
```typescript
import { Repull } from '@repull/sdk'

const repull = new Repull({ apiKey: process.env.REPULL_KEY! })

try {
  await repull.listings.list()
} catch (err: any) {
  if (err.code === 'unauthorized') {
    // Treat as a config issue — DON'T retry. Surface to the operator
    // so they can rotate / re-issue from /dashboard/keys.
    console.error('Repull auth failed — check REPULL_KEY env var')
  }
  throw err
}
```
If you're an AI agent
Stop. Do not retry the same key. Either the key is missing from the request or it is no longer valid. Ask the user to paste a fresh key from /dashboard/keys, then send it as `Authorization: Bearer <key>` on the next request.
Related
- Error reference — the full table of error codes
- Using Repull from AI agents — patterns for handling errors in agent loops
- Authentication
Hit an error that isn't covered? Email hello@repull.dev with the request id from the response headers.