ElevenLabs

ElevenLabs API Authentication Error — How to Fix the 401 Response

The ElevenLabs API returns a 401 authentication error when your request cannot be verified as coming from an authorized account. This typically happens when the API key is missing, malformed, or passed using the wrong header name. Developers integrating text-to-speech features are most likely to encounter this error during initial setup or after an API key rotation.

Why does this error happen?

ElevenLabs uses a custom header-based authentication scheme that requires your API key to be sent in the `xi-api-key` header on every request. Unlike some APIs that accept Bearer tokens in the `Authorization` header, ElevenLabs will reject requests that use the wrong header name entirely. A 401 error is also triggered when the API key has been revoked, when the account is suspended or inactive, or when invisible whitespace characters have been accidentally included in the key string — a common issue when copying keys from browser interfaces or environment variable files.

✓

How to fix it

Regenerate Your API Key

Navigate to elevenlabs.io/profile and scroll to the API section to generate a fresh API key. Copy the new key immediately and store it securely, as it may not be shown again in full. Replace your old key everywhere it is used, including environment variables and deployment secrets.

Pass the Key in the Correct Header

ElevenLabs requires the API key to be sent in the `xi-api-key` header, not in a standard `Authorization: Bearer` header. Double-check your fetch or HTTP client configuration to ensure the header name is exactly `xi-api-key` with no typos or capitalization differences. Any deviation from this exact header name will result in a 401 response.

Remove Extra Whitespace from the API Key

When pasting an API key into a `.env` file or config object, it is easy to accidentally include a leading or trailing space that is invisible to the naked eye. Trim the key value in your code using `.trim()` or verify your environment variable contains no surrounding whitespace before passing it to the header. Even a single extra character will cause authentication to fail.

Confirm Your Account Is Active

Log in to elevenlabs.io and verify that your account is in good standing and has not been suspended due to billing issues or a terms violation. If your subscription has expired, your API key may still exist but will return 401 errors until the account is reactivated. Upgrading or renewing your plan will immediately restore API access.

Code example

// Correct ElevenLabs API header
fetch('https://api.elevenlabs.io/v1/text-to-speech/voice_id', {
  headers: {
    'xi-api-key': process.env.ELEVENLABS_API_KEY,
    'Content-Type': 'application/json'
  }
})

Pro tip

Store your ElevenLabs API key in a `.env` file and always access it via `process.env.ELEVENLABS_API_KEY.trim()` to automatically strip any accidental whitespace before the key is sent in the request header.

Frequently asked questions

Why does my ElevenLabs API key work in the dashboard but return 401 in my code?

The dashboard authenticates your session via a browser cookie, while the API requires the `xi-api-key` header to be explicitly included in each programmatic request. Make sure your code is reading the correct environment variable and that the key has not been accidentally truncated or altered during copy-paste.

Can I use the same ElevenLabs API key across multiple projects?

Yes, a single API key can be used across multiple projects and environments, but rotating keys regularly is a security best practice. If a key is ever exposed or compromised, regenerate it immediately from your profile settings and update all projects that reference it.

Does ElevenLabs support Bearer token authentication?

No, ElevenLabs does not use the standard `Authorization: Bearer` scheme for API authentication. All requests must include the API key in the custom `xi-api-key` header, and using any other format will result in a 401 error.

Related Guides

← Back to all guides