​

unauthorized

​

Example response

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key",
    "docs_url": "https://docs.vatly.dev/errors/unauthorized"
  },
  "meta": {
    "request_id": "550e8400-e29b-41d4-a716-446655440000"
  }
}

​

What happened?

• No Authorization header is present
• The header format is wrong (not Bearer <key>)
• The API key doesn’t match any active key in the system
• The API key has been revoked or deactivated

​

How to fix

1. Add the Authorization header with the Bearer scheme:
   curl -H "Authorization: Bearer vtly_live_your_api_key" \
     "https://api.vatly.dev/v1/validate?vat_number=NL123456789B01"
   
2. Check your key: Make sure you’re using the complete key, including the vtly_live_ prefix
3. Generate a new key if you’ve lost your original. Keys are stored as SHA-256 hashes and cannot be recovered

​

Common mistakes

• Missing Bearer prefix: Authorization: vtly_live_xxx won’t work, it must be Authorization: Bearer vtly_live_xxx
• Extra whitespace: Check for trailing spaces or newlines in your key
• Using a revoked key: If you’ve regenerated your key, the old one no longer works
• Environment mismatch: Make sure you’re using the right key for the right environment

​

Catching this error with the SDKs

import Vatly, { AuthenticationError } from '@vatly/node';

const vatly = new Vatly('vtly_live_your_api_key');
const { data, error } = await vatly.vat.validate({ vatNumber: '...' });

if (error instanceof AuthenticationError) {
  console.log(error.message);
}

​

Related errors

• rate_limit_exceeded - Key is valid but quota is used up