[Bug]: HTTP 400 "Multiple authentication credentials received" when using native gemini provider

[DrexxLaggui]

Bug Description

When using the built-in gemini provider with a GEMINI_API_KEY in ~/.hermes/.env, the agent fails with an HTTP
400 error from the Google AI Studio endpoint. Was also using a Vertex AI to generate GEMINI_API_KEY (started with AQ.Ab8...) but was able to make it run with a different API key (that started with AIzaS...)

Workaround: Renaming the key to OPENAI_API_KEY and setting provider:a single Bearer header.

Steps to Reproduce

1. Generate a standard Google Cloud API key (AIza...).
2. Add GEMINI_API_KEY=your_key to ~/.hermes/.env.
3. Set provider: gemini and default: gemini-1.5-flash in ~/.hermes/config.yaml.
4. Run the agent: ~/.hermes/hermes-agent/venv/bin/python3 ~/.hermes/hermes-agent/cli.py "hello".
5. Observe the BadRequestError [HTTP 400] with the message "Multiple authentication credentials received".

Expected Behavior

The agent should successfully authenticate using either the x-goog-api-key header OR the Authorization: Bearer header, but not both.

Ideally, if using the OpenAI SDK transport, the manual injection of x-goog-api-key should be suppressed when a Bearer token is present.

Actual Behavior

The agent initialization fails with the following error: BadRequestError [HTTP 400]: Error code: 400 - [{'error': {'code': 400, 'message': 'Multiple authentication credentials received. Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]

Affected Component

Configuration (config.yaml, .env, hermes setup)

Messaging Platform (if gateway-related)

No response

Operating System

Parrot Security

Python Version

3.11.15

Hermes Version

v0.8.0 (2026.4.8)

Relevant Logs / Traceback

️API call failed (attempt 1/3): BadRequestError [HTTP 400]
Provider: gemini Model: gemini-2.5-flash
Endpoint: https://generativelanguage.googleapis.com/v1beta/openai
Error: HTTP 400: Error code: 400 - [{'error': {'code': 400, 'message': 'Multiple authentication credentials received. Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]

Root Cause Analysis (optional)

1. The gemini provider logic manually injects an x-goog-api-key header.
2. Simultaneously, the underlying openai
   Python SDK automatically injects an Authorization: Bearer header.
3. Google’s API gateway rejects requests that contain both headers as an ambiguous credential set.

Proposed Fix (optional)

No response

Are you willing to submit a PR for this?

• I'd like to fix this myself and submit a PR

[naure]

This looks like an issue on the API side. Command from doc.

curl "https://generativelanguage.googleapis.com/v1beta/openai/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $GEMINI_API_KEY" \
  -d '{
    "model": "gemini-3-flash-preview",
    "messages": [
      {
        "role": "user",
        "content": "Explain to me how AI works"
      }
    ]
  }'

Works with AIza… keys, but with an AQ. key it produces the error "Multiple authentication credentials received."

And https://aistudio.google.com/api-keys is now generating AQ. keys.

[flben233]

I have also encountered this issue and I noticed that if using a key without AQ. prefix, the openai compatible api works well.

[gabriel93blt]

Hey, so we need to put our api key without the AQ. prefix or just use a non google ai studio api key?

[saikayao2000]

I updated but still have this issue:
API call failed (attempt 1/3): BadRequestError [HTTP 400]
🔌 Provider: gemini Model: gemini-3.1-flash-lite-preview
🌐 Endpoint: https://generativelanguage.googleapis.com/v1beta/openai
📝 Error: HTTP 400: Error code: 400 - [{'error': {'code': 400, 'message': 'Multiple authentication credentials received. Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]
📋 Details: [{'error': {'code': 400, 'message': 'Multiple authentication credentials received. Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]
⚠️ Non-retryable error (HTTP 400) — trying fallback...
❌ Non-retryable error (HTTP 400): HTTP 400: Error code: 400 - [{'error': {'code': 400, 'message': 'Multiple authentication credentials received. Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]
❌ Non-retryable client error (HTTP 400). Aborting.
🔌 Provider: gemini Model: gemini-3.1-flash-lite-preview
🌐 Endpoint: https://generativelanguage.googleapis.com/v1beta/openai
💡 This type of error won't be fixed by retrying.
─ ⚕ Hermes ─────────────────────────────────────────────────────────────────────────────────────────────────────────

 Error: Error code: 400 - [{'error': {'code': 400, 'message': 'Multiple authentication credentials received.        
 Please pass only one.', 'status': 'INVALID_ARGUMENT'}}]        

[saikayao2000]

should we change another CLI except Gemini? Or it's just my problem