Invalid API Key Error: Causes and Solutions
Why Am I Getting an "Invalid API Key" Error?
An "Invalid API Key" error means the credentials your automation panel (WHMCS, WiseCP, HostBill, Blesta, ClientExec) is sending aren't being recognized as valid by DomainNameAPI. The most common cause is still using old username/password credentials after an account migration, or entering the Reseller ID and API Key in the wrong fields.
1. Introduction
"Invalid API Key" is one of the most common errors domain resellers and hosting companies run into on their automation panel. The message itself is short, but it can point to several different root causes: a key that got mangled during copy-paste, an old set of credentials that's no longer valid, or two fields that got swapped in the panel.
In this guide, we'll walk through why this error happens, the specific scenarios that trigger it, and exactly how to fix it on WHMCS, WiseCP, HostBill, Blesta, and ClientExec.
2. What's Actually Happening Behind This Error?
Every request sent to DomainNameAPI carries two pieces of information together: your Reseller ID (your account identity) and your API Key (your authentication credential). The system checks this pair, and if there's no match — or the key is no longer valid — it returns an error like "Invalid API Key," "Unauthorized," or "Authentication Failed."
Both values live on your account's Integration Info page, which shows three fields: Reseller ID, your live-environment API Key, and your test-environment API Key. In your automation panel's module settings, these usually map to a "Username" field (Reseller ID) and a "Password" field (API Key) — and mixing up that mapping is one of the most common causes of this exact error.
3. The Most Common Causes and Fixes
1) Still Using Old Credentials After a Migration
If your account has been migrated to the newer DomainNameAPI platform, API requests authenticated with the old username/password combination are no longer supported. If your module is still configured with those old credentials, every request gets rejected.
The fix: Update the username and password fields in your module settings with the Reseller ID and API Key emailed to you when the migration completed. Can't find that email? Go to your Integration Info page and use the "Email me my credentials" option to have it resent.
DomainNameAPI Technical Team Insight
A meaningful share of the "Invalid API Key" tickets reaching our support team come from panels that are still running on pre-migration credentials. In these cases there's nothing technically broken — the credentials simply haven't been updated yet.
2) A Stray Character Slipped In During Copy-Paste
It's surprisingly common for an extra space or an invisible line-break character to get pulled in when copying the API key from the panel and pasting it into the module. The key can look completely correct to the eye while the system rejects it as invalid.
The fix: Where possible, copy the key fresh from the panel and paste it directly into the field — then double-check there's no leading or trailing whitespace. If anything seems off, just retype the key manually.
3) Reseller ID and API Key Got Swapped
Entering the API Key into the "Username" field and the Reseller ID into the "Password" field — i.e., swapping the two — is a very common mistake. The correct mapping is: Username = Reseller ID, Password = API Key.
The fix: Open your module settings and check both fields carefully to confirm the Reseller ID is in the username field and the API Key is in the password field.
DomainNameAPI Technical Team Insight
A large share of "Reseller Not Found" cases come down to people entering their account email address in the Reseller ID field. The Reseller ID isn't your email — it's a separate value on the Integration Info page, usually a long alphanumeric string.
4) An Outdated or Unpatched Module Version
An old module version may not support the current authentication method at all. In that case, even correctly entered credentials get sent in the wrong format, and the system returns "Authentication Failed" or "Invalid API Response" instead.
The fix: Download the latest module package for your platform from the official GitHub repository, overwrite your existing files, and re-save your API credentials afterward.
5) Using a Test-Environment Key in Production (or the Reverse)
Your Integration Info page issues separate API keys for the live and test environments. Using the test key in your live module — or the live key in a test/sandbox setup — triggers an authentication error.
The fix: Confirm which environment you're actually configuring (live or test), and make sure you're using the matching API key for that environment.
6) The Key Was Rotated for Security, But the Module Wasn't Updated
If you regenerated your API key for security reasons but didn't update your module settings afterward, the system will reject the now-invalid old key.
The fix: Check your current API key in the panel; if you rotated it recently, update the password field in your module settings with the new value.
7) An Authorization Issue That Looks Like an Invalid Key
Sometimes the real problem isn't the API key at all — it's that the requesting server's IP isn't on the authorized list. Some panels still surface this as a generic "Unauthorized" or "Invalid API Key" message.
The fix: Once you've confirmed the API key itself is correct and the error persists, check that your server's IP address is listed in DomainNameAPI's IP authorization settings.
4. Decision Tree: If You're Getting an Invalid API Key Error
If you're seeing an "Invalid API Key" error, work through this in order:
1) Did your account recently go through a migration to a new panel?
- Yes -> Replace the old username/password fields with your Reseller ID + API Key.
- No -> Move to step 2.
2) Could copying the API key from the panel have added a stray space or line break?
- Yes -> Retype the key manually instead of copy-pasting.
- No -> Move to step 3.
3) Did the Reseller ID and API Key end up in the wrong fields?
- Yes -> Username = Reseller ID, Password = API Key. Fix the order.
- No -> Move to step 4.
4) Are you using a test-environment key in production (or vice versa)?
- Yes -> Switch to the correct environment's key.
- No -> Check your module version and IP whitelist next.
5. Correct Field Mapping by Platform
The table below shows exactly where to enter your credentials, and in what order, on each platform:
6. Common Authentication Errors and What They Mean
Depending on the platform you're using, an "Invalid API Key" issue may appear under a different error message. The table below summarizes the most common variations:
7. Invalid API Key Error by Platform & Module Downloads
Below you'll find the latest official module download references for each supported automation platform. If you're using an outdated module, update it first and then re-save your API credentials.
WHMCS Invalid API Key Error
In WHMCS this error is usually caused by incorrect values in the Username/Password fields under System Settings → Domain Registrars → DomainNameAPI. Download the latest module from
WiseCP Invalid API Key Error
On WiseCP, outdated reseller credentials under Products/Services → Domain Registration → Setup/Settings are the most common reason. Download the latest module from
HostBill Invalid API Key Error
Verify the credentials under Settings → Modules → Domain Registrars → DomainNameAPI. Download the latest module from
Blesta Invalid API Key Error
Open Settings → Company → Modules → Domain Name API → Manage and enter the correct Reseller ID and API Key again. Download the latest module from
ClientExec Invalid API Key Error
Review the authentication fields under Settings → Plugins → Registrars → DomainNameAPI and make sure legacy credentials are no longer in use. The latest module files are available from the official Domain Name API GitHub organization.
8. Best Practices for Storing Your API Key Securely
Your API key provides full access to your reseller account. Following these practices improves security and helps prevent future authentication issues.
- Store API keys in environment variables (.env) instead of hardcoding them.
- Exclude your .env file from Git repositories using .gitignore.
- Use a secure secret manager (Vault, AWS Secrets Manager, Azure Key Vault, etc.) for production systems.
- Restrict API access by IP whenever possible.
- Never send API keys through email, chat applications, screenshots, or public repositories.
- If you suspect your API key has been exposed, regenerate it immediately and update every integration.
9. Frequently Asked Questions
1. I'm sure my API Key is correct, but I still get the error. What should I do?
Re-enter the API Key manually to eliminate hidden characters introduced during copy-paste, verify that the Reseller ID and API Key haven't been swapped, and confirm you're running the latest module version. If all three are correct, check your IP authorization settings.
2. What's the difference between a Reseller ID and an API Key?
Your Reseller ID identifies your reseller account and belongs in the username field. Your API Key authenticates that account and belongs in the password field. Every DomainNameAPI request requires both.
3. Can I use my test API Key in production?
No. Test API Keys are intended only for development and integration testing. Production systems must always use the Live API Key issued from your Integration Information page.
4. I can't find the migration email. How can I retrieve my API credentials?
Open your reseller panel and navigate to My Account → Reseller Settings → Integration Information. From there you can view your current Reseller ID and API Key or resend them to your registered email address.
5. Will updating the module affect my domains or API credentials?
No. Updating the module only replaces the integration layer between your automation panel and the DomainNameAPI platform. Your domains, reseller account and API credentials remain unchanged.
6. Are "Unauthorized" and "Invalid API Key" the same error?
Not always. Although they often point to invalid authentication credentials, an "Unauthorized" error may also indicate an IP whitelist issue. It's best to verify both your API credentials and your authorized IP addresses.
7. How often should I rotate my API Key?
There is no mandatory schedule, but rotating your API Key periodically—such as every six months—is considered a good security practice. Remember to update all connected systems after generating a new key.
8. Can I use the same API Key with multiple automation panels?
Yes. The same Reseller ID and API Key can be configured in multiple supported platforms such as WHMCS, WiseCP, HostBill, Blesta, and ClientExec. Some larger organizations, however, prefer separate reseller accounts for auditing and security purposes.
9. What should I do if I believe my API Key has been exposed?
Contact our support team immediately, generate a new API Key, and replace the old one across every application, server, and automation panel using it.
10. Can I continue using my old cp.domainnameapi.com username and password?
No. Once your account has been migrated to the new DomainNameAPI platform, legacy username/password authentication is no longer supported. You must authenticate using your Reseller ID and API Key.
11. My panel doesn't have a "Password" field—it says "API Key" or "Token." Is that normal?
Yes. Some automation panels label the authentication field as API Key or Token instead of Password. The logic remains exactly the same: Username = Reseller ID, API Key/Token = API Key.
12. What's the fastest way to verify my API connection?
Most automation panels provide a connection test or balance lookup option. If that request succeeds, your Reseller ID, API Key, and API connection are configured correctly.
13. Does every sub-reseller account have its own API credentials?
Yes. Every sub-reseller account has its own unique Reseller ID and API Key, completely independent from the parent reseller account. Each account must be configured separately.
10. Conclusion
"Invalid API Key" looks like a single error message, but it's really shorthand for a handful of predictable causes: credentials that weren't updated after a migration, a copy-paste mistake, swapped fields, an outdated module, or the wrong environment's key. Work through them in the order in this guide, and you'll usually have it resolved within a few minutes.
If the issue persists, your module log is the fastest path to an answer — or reach out to our support team directly.
Manage domains in 200+ countries through a single API, integrate with WHMCS, WiseCP, HostBill, Blesta, and ClientExec in minutes, and start selling domains today.
Become a Domain Reseller Today
Start selling domain names worldwide with a free DomainNameAPI reseller account and integrate your preferred automation platform in minutes.
