Missing, malformed, unknown, expired, revoked, or rotated-away keys return
401 invalid_api_key. A valid key without the required scope returns
403 insufficient_scope.
json
{
"error": {
"code": "invalid_api_key",
"message": "The API key is missing or invalid."
}
}
Dashboard authentication is separate. /dashboard/* routes use Firebase ID
tokens for the web app, not customer API keys, and are unsupported internal implementation
details for public API clients.