OpenGateway API key issue still ongoing after fix announcement #1329
-
You mentioned in this post that the API key issue was fixed:
https://x.com/gitlawb/status/2058063492859772963
I am still experiencing the same authentication issue.
I updated everything and generated new API keys, but the problem continues.
Could you please check whether my account and keys are correctly activated for OpenGateway access, or if there are any additional steps required on my side?
Thank you.
görsel_2026年05月24日_004444655
Beta Was this translation helpful? Give feedback.
All reactions
Replies: 3 comments
-
I confirm. The api-key request occurs even during use.
Beta Was this translation helpful? Give feedback.
All reactions
-
👀 1
-
what is happening with he API i just fixed that thing yesterday after hassling 2 houses now today the issue seems to be back .
Beta Was this translation helpful? Give feedback.
All reactions
-
Technical investigation — this is a server-side gateway bug, not a client config issue
I spent time doing detailed HTTP-level testing against opengateway.gitlawb.com and can confirm this is not a client-side problem. The issue is in the gateway's server-side middleware.
What I tested
Using multiple HTTP clients (Node.js fetch, Bun fetch, raw https.request) with a valid ogw_live_... API key:
✅ Auth works on these endpoints:
GET /v1/xiaomi-mimo/models→ 200 OK (returns 358 models, key is validated)POST /v1/xiaomi-mimo/chat/completionswith empty body → 400 "Missing model" (auth passed)POST /v1/xiaomi-mimo/chat/completionswith{"model":"xiaomi/mimo-v2.5-pro"}→ 400 "Input required: specify prompt or messages" (auth passed)POST /v1/xiaomi-mimo/chat/completionswith{"model":"xiaomi/mimo-v2.5-pro","messages":[]}→ 400 "Input required" (auth passed)
❌ Auth fails (401 "API key required") on:
POST /v1/xiaomi-mimo/chat/completionswith{"model":"xiaomi/mimo-v2.5-pro","messages":[{"role":"user","content":"Hi"}]}→ 401- Same on
/v1/chat/completions(unified route) → 401 - Tried every header variant:
Authorization: Bearer,X-Api-Key,x-api-key,Api-Key,api-key, key in body, key in query param — all 401
The pattern
The auth middleware passes only when the request body does NOT contain actual message content. As soon as the messages array has a message object with "content", the gateway returns 401 {"error":{"message":"API key required"}}.
This is consistent across:
- Both
/v1/chat/completionsand/v1/xiaomi-mimo/chat/completions - Every auth header format
- Multiple HTTP clients and raw TCP requests
About PR #1317
That PR fixed the OpenClaude client to send Authorization: Bearer instead of api-key: raw. That's a client-side fix for the OpenClaude app specifically. But the gateway itself has a separate server-side bug where the auth middleware doesn't properly forward/validate credentials on the inference route when the body contains messages.
Key evidence
The error is "API key required" (not "Invalid API key"). When I intentionally send a wrong key format, I get "Invalid API key". This means the gateway's inference middleware isn't seeing our Authorization header at all — it's being dropped/stripped somewhere in the request pipeline.
Verified correct model names
From GET /v1/xiaomi-mimo/models:
xiaomi/mimo-v2.5-proxiaomi/mimo-v2.5xiaomi/mimo-v2-proxiaomi/mimo-v2-flashxiaomi/mimo-v2-omni
The docs at https://gitlawb.com/opengateway show mimo-v2.5-pro (without prefix) on the unified route — neither format works for inference.
Request
Could the gateway team check the middleware ordering / body parsing pipeline on the inference route? The Authorization header appears to be stripped when the body parser processes message content. This has been broken since at least May 22 and is blocking all direct API usage.
Beta Was this translation helpful? Give feedback.