Documentation
FAQ: Why is my API key invalid? in the NexoRouter documentation.
FAQ: Why is my API key invalid?
invalid_api_key means the request did not include a valid active NexoRouter API key for the NexoRouter base URL.
The most common cause is a key and base URL mismatch: a NexoRouter key is sent to the official OpenAI API, or a different provider's key is sent to NexoRouter.
Quick check
| Check | Expected value |
|---|---|
| Base URL | https://api.nexorouter.com/v1 |
| Header | Authorization: Bearer YOUR_NEXOROUTER_API_KEY |
| Key source | Dashboard -> API Keys |
| Key state | Enabled and not expired |
| Key secrecy | Full key never shared in chat, tickets, logs, or screenshots |
Base URL and key must match
| API key | Base URL | Result |
|---|---|---|
| NexoRouter key | https://api.nexorouter.com/v1 | Correct |
| OpenAI key | https://api.openai.com/v1 | Correct for OpenAI, not NexoRouter |
| NexoRouter key | https://api.openai.com/v1 | Wrong |
| OpenAI key | https://api.nexorouter.com/v1 | Wrong |
If the app says the key is invalid but the key exists in NexoRouter, check the base URL before rotating the key.
Check the Authorization header
It must be:
Authorization: Bearer YOUR_NEXOROUTER_API_KEY
Check:
Beareris present.- There is one space between
Bearerand the key. - The key is not wrapped in quotes.
- The key came from NexoRouter, not another provider.
- The request is going to
https://api.nexorouter.com/v1.
Correct examples
Python:
from openai import OpenAI
client = OpenAI(
api_key="YOUR_NEXOROUTER_API_KEY",
base_url="https://api.nexorouter.com/v1",
)
Node.js:
import OpenAI from "openai";
const client = new OpenAI({
apiKey: process.env.NEXOROUTER_API_KEY,
baseURL: "https://api.nexorouter.com/v1",
});
cURL:
curl https://api.nexorouter.com/v1/models \
-H "Authorization: Bearer $NEXOROUTER_API_KEY"
Common wrong examples
| Wrong setup | Why it fails |
|---|---|
base_url="https://api.openai.com/v1" with a NexoRouter key | The request goes to OpenAI, which cannot validate a NexoRouter key. |
Missing Bearer | The gateway cannot parse the credential. |
| Key copied with hidden whitespace | The value no longer matches the stored key. |
| Browser JavaScript calls the API directly | The key can leak and CORS/client-side behavior may block the request. |
| Deployment uses a different env var than local dev | The server is not reading the key you tested locally. |
Check key state
Open Dashboard -> API Keys and confirm:
- the key exists;
- the key is enabled;
- the key has not expired;
- the key was copied completely;
- the key belongs to the same account or workspace that has balance;
- the key's model scope includes the model you are testing.
If the key is expired, disabled, leaked, or scoped incorrectly, create a replacement key with the right settings.
Check environment variables
test -n "$NEXOROUTER_API_KEY" && echo "NEXOROUTER_API_KEY is set"
This confirms the variable exists without printing the secret. Make sure the current shell, dev server, worker, or deployment environment is reading the same variable.
For tools that require OpenAI-style variable names:
export OPENAI_API_KEY="$NEXOROUTER_API_KEY"
export OPENAI_BASE_URL="https://api.nexorouter.com/v1"
Keep that scoped to the project or tool that should use NexoRouter.
Third-party tools
Look for settings named:
- Custom OpenAI
- OpenAI-compatible
- Base URL
- API URL
- Endpoint
- OpenAI API key
Use:
Base URL: https://api.nexorouter.com/v1
API key: YOUR_NEXOROUTER_API_KEY
Do not paste a NexoRouter key into a provider field that is specifically for Anthropic, Gemini native, or another non-OpenAI-compatible protocol.
What to send support
If it still fails, send:
Request ID, if available:
Endpoint:
Base URL configured:
Model ID:
Key name or last four characters:
Approximate time:
Client/tool:
Whether GET /v1/models works:
Never send the full key. If support asks which key you are using, send only the key name or last four characters.