HTTP Request Node Returning 401 Unauthorized Even with API Key

Keira_Becky · March 31, 2026, 9:56am

Hi everyone, I’m running into an issue with the HTTP Request node. I’m trying to call an API using an API key, but I keep getting a 401 Unauthorized response.
My workflow is:
Set → HTTP Request
In the Set node, I store the API key:
{
“api_key”: “123456789”
}
Then in the HTTP Request node, I add it to headers like this:
{
“Authorization”: “Bearer {{$json.api_key}}”
}
But the API keeps returning:
{
“error”: “Unauthorized”
}

Describe the problem/error/question

I’m not sure if:
The header format is wrong
The API expects it in a different place (query/body)
Or n8n is not passing the value correctly

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

barn4k · March 31, 2026, 9:59am

Hello @Keira_Becky

For Bearer tokens better to use Bearer Auth type ( Credentials >> Generic >> Bearer Auth).

Do not specify the Header Auth in the cleartext. Moreover, it may not work, as you are not building a proper JSON object. It will break if your password has, e.g., double quotes.

Niffzy · March 31, 2026, 10:04am

Hi @Keira_Becky

This usually is how the API expects the key.

Not all APIs use: Authorization: Bearer YOUR_KEY

Check the correct header format
Some APIs want:{
“x-api-key”: “{{$json.api_key}}”
}

Or: {
“Authorization”: “ApiKey {{$json.api_key}}”
}

Also Check if it should be in query instead

https://api.example.com/data?api_key={{$json.api_key}}

Make sure the value is actually passed

Test with:{{$json.api_key}}

in the node to confirm it’s not empty.

Benjamin_Behrens · March 31, 2026, 11:03am

ran into this exact same thing with a stripe api call last week — the header format is super picky depending on the api. barn4k’s right though, Bearer Auth credential is way better than hardcoding it in the header, avoids escaping issues

Keira_Becky · March 31, 2026, 11:48am

Thanks @barn4k @Niffzy

Thanks, both of these helped. I’ll first try using Bearer Auth via credentials, and if that doesn’t work I’ll double-check the API’s required header format. Appreciate the guidance from both sides

Benjamin_Behrens · March 31, 2026, 12:35pm

Good luck! Bearer Auth credentials is definitely the cleaner route — avoids a lot of the escaping headaches. Hope it works out!

system · April 7, 2026, 12:36pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.