Authentication failures from API key misconfiguration or rotation
critical | configuration | Updated Feb 23, 2026 (via Exa)
How to detect:
Requests fail with HTTP 401 and an 'Authentication failed' or 'Invalid API Key provided' error. These errors occur from:
(1) Sending a test key (sk_test_*) to the live API, or vice versa.
(2) Sending a publishable key (pk_live_*) when a secret key (sk_live_*) is required.
(3) Environment variables not being injected in containerized or serverless deployments (Kubernetes, Docker, Lambda, Vercel).
(4) Restricted API keys lacking the permissions needed for the operation.
Recommended action:
Verify that the key prefix matches the environment (sk_test vs sk_live) and the operation type (sk_ for secret, pk_ for publishable). Check environment variable injection in the CI/CD pipeline: ensure STRIPE_SECRET_KEY is present and non-null. For restricted keys, validate that the permissions match the required operations (e.g., read-only keys cannot create refunds).
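
A startup check that applies the recommended action before any API call is made, as an added example (not Stripe's code and not part of the original entry). `check_stripe_key` and the `STRIPE_MODE` variable are hypothetical names; the `rk_` restricted-key prefix and the whitespace check go beyond the four causes listed above.

```python
import os
import sys

# sk_/pk_ and test/live are the prefixes the page names; rk_ is Stripe's restricted-key prefix.
KEY_KINDS = {"sk": "secret", "pk": "publishable", "rk": "restricted"}


def classify_key(value):
    """Return (kind, mode) read from the key prefix, or (None, None)."""
    parts = value.split("_", 2)
    if len(parts) == 3 and parts[0] in KEY_KINDS and parts[1] in ("test", "live") and parts[2]:
        return KEY_KINDS[parts[0]], parts[1]
    return None, None


def check_stripe_key(environ, expected_mode, var="STRIPE_SECRET_KEY"):
    """Return [(level, message)]; messages never contain the key value itself."""
    raw = environ.get(var)
    if raw is None:
        return [("error", f"{var} is not set; check env injection for this deployment")]
    if raw.strip().lower() in ("", "null", "none", "undefined"):
        return [("error", f"{var} is empty or a literal null placeholder")]
    if raw != raw.strip():
        return [("error", f"{var} has surrounding whitespace or a trailing newline")]
    kind, mode = classify_key(raw)
    if kind is None:
        return [("error", f"{var} has no recognised Stripe key prefix")]
    findings = []
    if kind == "publishable":
        findings.append(("error", f"{var} is a publishable key (pk_{mode}_); a secret key is required"))
    if mode != expected_mode:
        findings.append(("error", f"{var} is a {mode}-mode key; this deployment expects {expected_mode}"))
    if kind == "restricted":
        # Permissions cannot be read from the key string; flag for manual review.
        findings.append(("warn", f"{var} is a restricted key; confirm its permissions cover the calls made"))
    return findings


if __name__ == "__main__":
    # STRIPE_MODE is a hypothetical variable naming the expected mode ("test" or "live").
    results = check_stripe_key(os.environ, os.environ.get("STRIPE_MODE", "test"))
    for level, message in results:
        print(f"stripe key check [{level}]: {message}", file=sys.stderr)
    sys.exit(1 if any(level == "error" for level, _ in results) else 0)
```

Run it as a container entrypoint or CI step so a missing or mismatched key fails the deploy instead of surfacing later as a 401.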