api_key.invalid
The JWT failed ES256 signature verification, audience check, or structural shape check.
api_key.invalid is returned when the JWT presented as an API key fails ES256 signature verification, the aud claim does not match the expected audience, or the token structure does not conform to the expected shape. This is distinct from expiry (api_key.expired) and revocation (api_key.revoked).
The JWT was tampered with, truncated, constructed outside the platform, or the wrong key was pasted. The ES256 public key is rotated via JWKS.
Retrieve the original JWT from when the key was minted (it is shown only once). If lost, revoke the key and mint a new one.
{
"error": {
"code": "api_key.invalid",
"message": "JWT signature or shape invalid",
"request_id": "req_01900000abc"
}
}