Sonny Labs Docs
Error codes

auth.api_key.expired

The API key authenticated correctly but its `expires_at` is in the past.

auth.api_key.expired is returned at HTTP 401.

When this fires

Every API key issued through the v1 API carries an expires_at (default now() + 1 year, max now() + 2 years). When a request arrives after that timestamp, the auth filter rejects it before the route handler runs.

What to do

Open the API keys page in the dashboard, mint a replacement with the same scopes, swap the secret in your secrets manager, then revoke the old key. The Python SDK raises AuthenticationError and the TypeScript SDK throws AuthenticationError for this code — branch on it to surface a key-rotation reminder.

See also

  • SDK reference — the Python and TypeScript SDKs raise typed exceptions for codes in this namespace.
  • Error code index — every code the runtime can return.

Error codes

Stable dot-namespaced identifiers returned in the RFC 9457 Problem envelope's `code` field. Branch on these in your SDK exception handlers.

auth.forbidden

The principal is authenticated but is not allowed to perform this operation.

On this page

When this firesWhat to doSee also