Documentation

FAQ: Why is my API key invalid? in the NexoRouter documentation.

FAQ: Why is my API key invalid?

invalid_api_key means the request did not include a valid active NexoRouter API key for the NexoRouter base URL.

The most common cause is a key and base URL mismatch: a NexoRouter key is sent to the official OpenAI API, or a different provider's key is sent to NexoRouter.

Quick check

CheckExpected value
Base URLhttps://api.nexorouter.com/v1
HeaderAuthorization: Bearer YOUR_NEXOROUTER_API_KEY
Key sourceDashboard -> API Keys
Key stateEnabled and not expired
Key secrecyFull key never shared in chat, tickets, logs, or screenshots

Base URL and key must match

API keyBase URLResult
NexoRouter keyhttps://api.nexorouter.com/v1Correct
OpenAI keyhttps://api.openai.com/v1Correct for OpenAI, not NexoRouter
NexoRouter keyhttps://api.openai.com/v1Wrong
OpenAI keyhttps://api.nexorouter.com/v1Wrong

If the app says the key is invalid but the key exists in NexoRouter, check the base URL before rotating the key.

Check the Authorization header

It must be:

Authorization: Bearer YOUR_NEXOROUTER_API_KEY

Check:

  • Bearer is present.
  • There is one space between Bearer and the key.
  • The key is not wrapped in quotes.
  • The key came from NexoRouter, not another provider.
  • The request is going to https://api.nexorouter.com/v1.

Correct examples

Python:

from openai import OpenAI

client = OpenAI(
    api_key="YOUR_NEXOROUTER_API_KEY",
    base_url="https://api.nexorouter.com/v1",
)

Node.js:

import OpenAI from "openai";

const client = new OpenAI({
  apiKey: process.env.NEXOROUTER_API_KEY,
  baseURL: "https://api.nexorouter.com/v1",
});

cURL:

curl https://api.nexorouter.com/v1/models \
  -H "Authorization: Bearer $NEXOROUTER_API_KEY"

Common wrong examples

Wrong setupWhy it fails
base_url="https://api.openai.com/v1" with a NexoRouter keyThe request goes to OpenAI, which cannot validate a NexoRouter key.
Missing BearerThe gateway cannot parse the credential.
Key copied with hidden whitespaceThe value no longer matches the stored key.
Browser JavaScript calls the API directlyThe key can leak and CORS/client-side behavior may block the request.
Deployment uses a different env var than local devThe server is not reading the key you tested locally.

Check key state

Open Dashboard -> API Keys and confirm:

  • the key exists;
  • the key is enabled;
  • the key has not expired;
  • the key was copied completely;
  • the key belongs to the same account or workspace that has balance;
  • the key's model scope includes the model you are testing.

If the key is expired, disabled, leaked, or scoped incorrectly, create a replacement key with the right settings.

Check environment variables

test -n "$NEXOROUTER_API_KEY" && echo "NEXOROUTER_API_KEY is set"

This confirms the variable exists without printing the secret. Make sure the current shell, dev server, worker, or deployment environment is reading the same variable.

For tools that require OpenAI-style variable names:

export OPENAI_API_KEY="$NEXOROUTER_API_KEY"
export OPENAI_BASE_URL="https://api.nexorouter.com/v1"

Keep that scoped to the project or tool that should use NexoRouter.

Third-party tools

Look for settings named:

  • Custom OpenAI
  • OpenAI-compatible
  • Base URL
  • API URL
  • Endpoint
  • OpenAI API key

Use:

Base URL: https://api.nexorouter.com/v1
API key: YOUR_NEXOROUTER_API_KEY

Do not paste a NexoRouter key into a provider field that is specifically for Anthropic, Gemini native, or another non-OpenAI-compatible protocol.

What to send support

If it still fails, send:

Request ID, if available:
Endpoint:
Base URL configured:
Model ID:
Key name or last four characters:
Approximate time:
Client/tool:
Whether GET /v1/models works:

Never send the full key. If support asks which key you are using, send only the key name or last four characters.

FAQ: Why is my API key invalid? — NexoRouter