Skip to content

fix(gemini): use x-goog-api-key header instead of Bearer token#9247

Closed
Tranquil-Flow wants to merge 1 commit into
NousResearch:mainfrom
Tranquil-Flow:fix/gemini-double-auth-headers
Closed

fix(gemini): use x-goog-api-key header instead of Bearer token#9247
Tranquil-Flow wants to merge 1 commit into
NousResearch:mainfrom
Tranquil-Flow:fix/gemini-double-auth-headers

Conversation

@Tranquil-Flow

@Tranquil-Flow Tranquil-Flow commented Apr 13, 2026

Copy link
Copy Markdown
Contributor

What

Routes the Gemini API key through the x-goog-api-key header and sets a placeholder api_key to suppress the OpenAI SDK's automatic Authorization: Bearer header.

Why

Google's Gemini API rejects requests with HTTP 400 "Multiple authentication credentials received" when both Authorization: Bearer and x-goog-api-key headers are present. The OpenAI SDK automatically injects the Bearer header when api_key is set.

How

  • Added Gemini-specific header handling in both the init path and _apply_client_headers_for_base_url (used during model switches), matching the existing pattern for Copilot, Kimi, and Qwen providers.
  • 2 regression tests covering both code paths.

Test plan

  • pytest tests/hermes_cli/test_gemini_provider.py -v — all 44 tests pass

Platform

All platforms

Closes #7893

@Tranquil-Flow
fix(gemini): use x-goog-api-key header instead of Bearer token
30430e7 
Google's Gemini API rejects requests with HTTP 400 "Multiple
authentication credentials received" when the OpenAI SDK injects
both an Authorization: Bearer header and the x-goog-api-key header.
Route the API key through x-goog-api-key and set a placeholder
api_key to suppress the SDK's automatic Bearer header.

Closes NousResearch#7893
@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Merged
@teknium1

teknium1 commented Apr 18, 2026

Copy link
Copy Markdown
Contributor

Closing in favor of #11961 (merged), which uses the same x-goog-api-key approach you landed on. Your diagnosis was correct and your test coverage was thorough — we went with #8530's version because it additionally covered the auxiliary_client.py paths (compression, vision, session_search), which the user's bug reports showed were hitting this too. Thanks for the clean fix.

#11961

@teknium1 teknium1 closed this Apr 18, 2026
@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: HTTP 400 "Multiple authentication credentials received" when using native gemini provider

2 participants

@Tranquil-Flow @teknium1