Enrichley's API uses a single API key sent in a header on every request. No OAuth, no token refresh — just one header.
Every request needs:
X-Api-Key: YOUR_API_KEYThe header name is X-Api-Key (case-insensitive in most HTTP clients, but use this casing to be safe). Do not send Authorization: Bearer ... — that's a common mistake from other APIs and it won't work here.
This is the most common error and almost always means one of:
You sent the wrong header name (e.g. Authorization instead of X-Api-Key).
The header was sent but the value is empty or includes "Bearer " by mistake.
You're hitting an endpoint that requires auth but your HTTP client stripped the header (some proxies and webhook services do this silently).
401 Unauthorized — the key was sent but isn't valid. Confirm you copied the full key, then re-copy from your profile page.
403 Forbidden / subscription required — your subscription has lapsed or you're on a plan that can't use this endpoint.
429 Too Many Requests — you've hit a rate limit. Back off and retry with exponential backoff.
Out of credits — your monthly grant is exhausted. Buy a credit pack or upgrade your plan.
Run this curl one-liner. A 200 response with JSON means your key is good.
curl -X POST "https://api.enrichley.io/api/v1/validate-single-email" \
-H "Content-Type: application/json" \
-H "X-Api-Key: YOUR_API_KEY" \
-d '{ "email": "[email protected]" }'Reach out via the in-app chat with the request you sent (header names + value placeholders, no real key) and the exact error response. Full API reference is at docs.enrichley.io.