Error: unauthorized
No usable credential was presented on the request.
unauthorized
unauthorizedHTTP status: 401
The request reached the API without a usable credential. Unlike invalid_token — where a credential was presented but did not match — this code means the Authorization header was absent or unparseable.
Why this happens
- The
Authorizationheader was omitted entirely. - The header was present but not in the
Bearer <token>form (a missingBearerprefix, a stray newline, or a quoted value). - A proxy or framework middleware stripped the header before it reached the API.
- The SDK was constructed with no token and no
ISA_TOKENin the environment, so it sent the request unauthenticated.
What to do
- Confirm the request carries
Authorization: Bearer $ISA_TOKENexactly — one space afterBearer, no quotes around the value. - Verify the env var is set:
echo "${ISA_TOKEN:?missing}". - If a reverse proxy sits in front of your client, confirm it forwards the
Authorizationheader rather than consuming it.
Example response
{
"type": "https://zyins.isaapi.com/errors/unauthorized",
"title": "Unauthorized",
"status": 401,
"detail": "No Authorization header was present on the request. Send 'Authorization: Bearer <token>'.",
"code": "unauthorized",
"param": null,
"request_id": "req_01HZK2N5GQR9T8X4B6FJW3Y1AS"
}SDK exceptions
| Language | Exception class |
|---|---|
| TypeScript | IsaUnauthorizedError |
| Python | IsaUnauthorizedError |
| Go | *zyins.UnauthorizedError |
| PHP | Isa\Sdk\Zyins\Exception\IsaUnauthorizedException |
| C# | IsaUnauthorizedException |
See also
- Error catalog
invalid_token— a credential was presented but did not match- Authentication guide
Updated about 22 hours ago