API key not valid?

Hi all. I have a script that I’ve been using to automate some tests, and for a long time it worked fine. Two or three months ago it stopped working. When looking into it this morning, I discovered the URL I’ve been using is returning status 400 with the “statusText” of “An error occurred processing your request (missing API key). If you do not have an API key you can purchase one here: WebPageTest PRO | Access Our Developer-First API”. The thing is, I have a valid subscription to the Pro plan, and I verified that I was using the API key from https://www.webpagetest.org/account#api-consumers. I assume that’s the right key to be using, but maybe not?

The URL in question is https://www.webpagetest.org/runtest.php?k=XXX&f=json&location=ec2-us-east-1:Chrome.4G&mobile=1&mobileDevice=GalaxyS8&runs=9&fvonly=1&url=https%3A%2F%2Fstaging.acornfinance.dev%2F.

Can anyone tell me why this would be returning status code 400?

From what I understand, they changed how the key is passed and it now requires a HTTP header. From another forum:

Security update: API keys are now required in the X-WPT-API-KEY header.
The query parameter k= will be ignored. Current API keys will continue to work.

Hello Scott,

Please let us know if adding the Key in request header resolved your issue?
If not please feel free to raise a ticket with the support (support@webpagetest.org)


Based on his post issue started a while ago. Not even sure we did the change yet on the key to have been an impact.

1 Like

Yes, putting the key in the X-WPT-API-KEY header did the job.


Will it make changes to how we send request to private instances also as I can see the error for Key.

Maybe, if you are using the latest code from github. That said, the error you are seeing there looks like it is coming from the webpagetest node module, not your private instance. My guess is that you need the node module to support passing the API key either way (or use an older version of the node module on the client before the change).