Why am I getting "Invalid API Key or Token" when my key is correct? : SMS.to

Symptom: The API returns a 401 / success:false with "Invalid API Key or Token" even though the key shown in your dashboard is correct.

Most common cause: an IP whitelist on the key. If a key has one or more whitelisted IPs, requests from any other IP are rejected with this error - even though the key itself is valid.

How to check: open the API Keys screen in your SMS.to dashboard and look at the Whitelisted IP(s) column for the key.

Fix: add the public IP your application sends from to the key's whitelist. If you are unsure of your sending IP, check with your hosting provider or test from the server that will send the messages. Leaving the whitelist empty removes the restriction entirely - less secure, only do this if you understand the tradeoff.

Still failing after whitelisting the correct IP? Contact support with the exact error, the endpoint you are calling, and the approximate time of the failed request.

Why am I getting "Invalid API Key or Token" when my key is correct?

Why am I getting "Invalid API Key or Token" when my key is correct? Print

Related Articles