> ## Documentation Index
> Fetch the complete documentation index at: https://docs.poesius.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication Errors

> How to handle authentication errors

## Common Authentication Errors

### Missing Authentication

```json theme={null}
{
  "detail": "Authentication required. Provide Authorization: Bearer <token> header (OAuth 2.1) or X-API-Key header."
}
```

**Cause**: No authentication header provided.

**Solution**: Include the API key header:

* `X-API-Key: pk_your_api_key_here`

<Info>
  API keys are the primary authentication method. Get your API key from `https://app.poesius.com`.
</Info>

### Invalid API Key

```json theme={null}
{
  "detail": "Invalid API key"
}
```

**Cause**: API key is incorrect or has been revoked.

**Solution**:

1. Verify the API key is correct
2. Check if the key has been revoked in the web app
3. Create a new API key if needed

### Invalid or Revoked API Key

```json theme={null}
{
  "detail": "Invalid API key" or "API key has been revoked"
}
```

**Cause**: API key is invalid or has been revoked.

**Solution**:

* Create a new API key in the web app at `https://app.poesius.com`
* Verify the API key is correct and active
* API keys don't expire automatically, but can be revoked by you or the system

## Prevention

### Always Include Authentication

```bash theme={null}
# REST API
curl -X POST "https://poe.poesius.com/api/v1/slides/generate-from-doc" \
  -H "X-API-Key: pk_your_api_key_here" \
  -F "document=@document.pdf"
```

```python theme={null}
# Python
import requests

headers = {
    "X-API-Key": "pk_your_api_key_here"
}

response = requests.post(
    "https://poe.poesius.com/api/v1/slides/generate-from-doc",
    headers=headers,
    files={"document": open("document.pdf", "rb")}
)
```

### Verify API Key Before Use

```python theme={null}
def verify_api_key(api_key):
    """Verify API key is valid"""
    try:
        response = requests.get(
            "https://poe.poesius.com/api/v1/presentations",
            headers={"X-API-Key": api_key},
            params={"limit": 1}
        )
        return response.status_code == 200
    except:
        return False

# Usage
if not verify_api_key(API_KEY):
    print("Invalid API key!")
    exit(1)
```

## Error Handling

```python theme={null}
import requests

def make_authenticated_request(url, method="GET", api_key=None, **kwargs):
    """Make request with automatic authentication error handling"""
    if not api_key:
        raise ValueError("API key is required")
    
    headers = kwargs.get("headers", {})
    headers["X-API-Key"] = api_key
    kwargs["headers"] = headers
    
    try:
        response = requests.request(method, url, **kwargs)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.HTTPError as e:
        if e.response.status_code == 401:
            raise Exception("Authentication failed. Check your API key.")
        raise
```

## Best Practices

* **Store Securely**: Never commit API keys to version control
* **Use Environment Variables**: Store keys in environment variables
* **Rotate Keys**: Regularly rotate API keys for security
* **Use API Keys for Automation**: Prefer API keys over tokens for long-running processes
* **Monitor Usage**: Check API key usage in the web app

<Card title="Authentication Guide" icon="key" href="/authentication">
  Learn how to authenticate properly
</Card>

<Card title="Error Handling Overview" icon="triangle-exclamation" href="/errors/overview">
  See other error types
</Card>
