API returned 401. My key was valid. Spent 3 hours finding out why.

API returned 401. My key was valid. Spent 3 hours finding out why. Hit an API that kept rejecting my requests. Error said 401 Unauthorized. My API key was literally copied straight from their dashboard. What broke Building a script to pull data from a client analytics API. Got my API key, set it in the header, made the request. Got back: { "error" : "Unauthorized" , "message" : "Invalid API key" } Checked the key. Triple checked it. Copy pasted it again. Still 401. Everything obvious didn't work Googled the error. Stack Overflow said check your key format. I did. Looked fine. Tried: Regenerated the API key twice Used curl instead of Python to rule out my code Added the key as query parameter instead of header Checked if my IP was maybe blocked None of it worked. Getting frustrated at this point. What actually fixed it Read their docs again. Fourth time. Found this buried in the authentication reference section: "API keys must be Base64 encoded before sending" They give you a plaintext