Using REST query - 'API key is missing or invalid for the environment '

I’ve had a hell of a time getting anything to work, and have abandoned using the javascript package in favor of going straight to the REST API but I can’t even get that working. I don’t know if this header is correct and its not clear to me if the example in the docs are actually the correct header properties or not. I am using this: (of course MY KEY is a string). I lifted the url and the key from the Pinecone Console.

async query(queryVector) {
await fetch(‘’, {
method: ‘POST’,
mode: ‘no-cors’,
headers: { ‘Accept’: ‘application/json’,
‘Content-Type’: ‘application/json’,
‘Api-Key’: MY KEY,
body: JSON.stringify({
namespace: ‘dss’,
topK: 3,
includeMetadata: true,
vector: queryVector
}).then(response => { return response.json() })
.then(data => { console.log(data) })

and I get this 401 error:
API key is missing or invalid for the environment “northamerica-northeast1-gcp”. Check that the correct environment is specified.

I am not sure “Api-Key” is the right property, or even other properties are needed in the header, or what it is.
Any help appreciated, thanks.

Hi @drennenbrown,

“Api-Key” is the right field. Are you enclosing your API key in quotes or anything? It could be it’s getting munged somehow.

Why don’t you email me a screenshot showing how you’re constructing this, even with the API key present, but just edit the screenshot to obscure the API key? Email that to me directly at, and I’ll take a look at it.

I am having the exact same issue, can I send a screenshot too? Is there a solution to this?

the issue I had was CORS related, and I believe its because the pinecone REST API does not want clients (like chrome) hitting the REST API because it exposes the API key. This is speculation on my part.
What did work, was making a proxy API on a .net server and then calling that proxy API from my client browser.

I am seeing the same behaviour. My observations summed up:

  • hit the API from the browser in CORS mode, preflight returns a 401 API key missing (which is absurd since the preflight is not supposed to send custom headers)
  • hit the API from the browser with mode: no-cors also yields the 401 which makes sense since no-cors restricts what headers and values can be sent
  • hit the API from the CLI (curl), Node.js or any other non browser environment, request goes through with CORS working as designed

My request to Pinecone @Cory_Pinecone would be that you let us hit the API from wherever we want.