Authentication Issues

Common authentication problems and their solutions when working with the BuyWhere API.

401 Unauthorized Errors

Symptoms

• Receiving HTTP 401 responses with messages like "Unauthorized" or "Invalid API key"
• API requests failing immediately upon sending

Diagnosis Steps

1. Verify API Key Format: Ensure your key follows the correct format:

   • Live keys: bw_live_xxxxx
   • Free keys: bw_free_xxxxx
   • Partner keys: bw_partner_xxxxx

2. Check Header Format: The Authorization header must be formatted as:

   Authorization: Bearer YOUR_API_KEY
   

   Note the space between "Bearer" and your key.

3. Validate Key Status: Check if your key has been revoked or expired in the developer dashboard.

Common Fixes

• Remove any quotes around the API key in curl commands
• Ensure no trailing spaces or newlines in your configuration
• Use the correct environment variable if storing the key externally
• Verify you're using the correct key for your environment (live vs test)

Example cURL Command

curl "https://api.buywhere.ai/v1/products/stats" \
  -H "Authorization: Bearer bw_live_your_actual_key_here"

403 Forbidden Errors

Symptoms

• Receiving HTTP 403 responses with "Forbidden" or "Insufficient permissions"
• Authenticated requests that should work are being blocked

Diagnosis Steps

1. Check Key Permissions: Ensure your API key has the required permissions for the endpoint you're accessing
2. Verify Endpoint Access: Some endpoints may require specific permission levels
3. Review Rate Limits: Although 403 is typically for permissions, sometimes rate limiting manifests as 403

Common Fixes

• Upgrade your API key tier if you need higher permissions
• Contact support to verify your key has the correct scopes
• Check if you're trying to access enterprise-only endpoints with a free/pro key

Related Resources

• Authentication Section in Developer FAQ
• API Key Management Guide