UNAUTHORIZED

The Bearer token is missing, malformed, or has been revoked.

CodeHTTP statusRetryable?
UNAUTHORIZED401No

What this means

UNAUTHORIZED fires when the `Authorization` header is missing entirely, isn't formatted as `Bearer <token>`, or the token doesn't match any active API key in the Onto database. Revoking a key from the dashboard takes effect immediately — in-flight requests using a revoked key will start receiving 401s on the next round-trip.

When you'll see it

HTTP 401. Body always includes code: "UNAUTHORIZED". Branch on code, never on the human-readable message — wording can change without notice; the code is the stable contract.

Example response

json
{
  "status": "error",
  "code": "UNAUTHORIZED",
  "message": "Invalid or revoked API key"
}

How to handle

Re-issue a key from app.buildonto.dev/read/keys. Each user can have multiple active keys, so rotate one at a time to avoid downtime. Treat the key like any other secret: don't commit it, don't log it, prefer an environment variable. If your application is multi-tenant, scope keys per workspace so revocation is surgical.

Do NOT retry blindly. Account-level issue. Escalate to ops; rotating retries won't fix it.

Suggested handling in a Node client:

ts
if (data.code === 'UNAUTHORIZED') {
  // Your key got revoked or expired — page ops, do not retry blindly.
  notifyOps('Onto API key is invalid; rotate from dashboard');
  throw new Error('Onto: UNAUTHORIZED — refresh your key');
}
CodeStatusWhat it means
PLAN_RESTRICTEDHTTP 403The action requires a higher plan tier — e.g. purchasing credits on the Free tier.
RATE_LIMITEDHTTP 429Monthly request quota exceeded — your plan is hard-capped (typically Free).

See the full error index for the complete catalog with the handling switch statement covering every code at once.