elevenlabs-401ElevenLabscritical

Unauthorized

Your ElevenLabs API key is invalid, expired, or missing from the request headers.

What this error means

The elevenlabs-401 error indicates that your request to the ElevenLabs API failed authentication. This occurs when the API key provided in your request headers is invalid (malformed or non-existent), has expired, or was not included in the request at all. The ElevenLabs service cannot verify your identity or confirm that you have permission to use their API, so the request is rejected before any processing occurs.

Root causes

critical

API key is missing from request headers entirely

Common

critical

API key is malformed, incomplete, or contains typos

Common

critical

API key has been revoked or invalidated in the ElevenLabs dashboard

Occasional

critical

API key is being sent in the wrong header field (not 'xi-api-key' for ElevenLabs)

Common

critical

API key belongs to a different ElevenLabs account or workspace than expected

Occasional

critical

API key has been regenerated and the old key is still being used

Occasional

How to fix it

  1. 1

    Verify API key exists in your configuration

    Check that you have a valid ElevenLabs API key stored in your environment variables, configuration files, or application secrets. Log the header being sent (without logging the full key) to confirm it's present. If missing, obtain a key from the ElevenLabs dashboard at https://elevenlabs.io/app/billing/api-keys.

  2. 2

    Confirm the correct header field is being used

    ElevenLabs requires the API key to be sent in the 'xi-api-key' header, not 'Authorization' or other standard header names. Verify your HTTP client is setting this header correctly.

    // Correct format for ElevenLabs
const headers = {
  'xi-api-key': process.env.ELEVENLABS_API_KEY,
  'Content-Type': 'application/json'
};

// Incorrect - this will fail
const wrongHeaders = {
  'Authorization': `Bearer ${process.env.ELEVENLABS_API_KEY}`
};
  3. 3

    Regenerate your API key

    Log in to your ElevenLabs account and navigate to the API keys page. Delete the current key and generate a new one. Copy the new key carefully and update it in all locations where it's stored (environment variables, secrets manager, configuration files). Test immediately after updating.

  4. 4

    Verify the key has not expired or been revoked

    Check the ElevenLabs dashboard to ensure your API key is active and has not reached an expiration date. Look for any security alerts or notifications indicating the key was revoked. If your subscription is inactive or expired, your API keys may be disabled.

  5. 5

    Test with a simple API call

    Make a basic request (such as getting your user info) with your API key to confirm it's valid before attempting more complex operations.

    curl -H 'xi-api-key: YOUR_API_KEY' \
  https://api.elevenlabs.io/v1/user
  6. 6

    Check for whitespace or encoding issues

    Ensure your API key doesn't have leading/trailing whitespace, line breaks, or special characters. If loading from environment variables, trim the value. Verify it's being read as a plain UTF-8 string without accidental encoding.

Prevention

Implement centralized secret management using environment variables, a secrets vault (AWS Secrets Manager, HashiCorp Vault, etc.), or your platform's built-in secret storage. Never hardcode API keys in source code. Regularly audit which keys are active and rotate them periodically (e.g., every 90 days). Add monitoring to detect unusual authentication failures, and set up alerts if 401 errors spike suddenly. Document the correct header format in your team's API integration guidelines and use code templates that enforce the correct headers. Test your configuration in a staging environment before deploying to production.

Debugging this right now?

Sherlock diagnoses elevenlabs-401 automatically. Just ask in Slack and get an instant root-cause analysis.

Add to Slack — Free
← All error codes