Skip to content

Fix #14: Filter Authorization header when using configured API key in Anthropic passthrough#17

Merged
erans merged 2 commits intomainfrom
bug/14/megallm-401-auth-failed
Oct 23, 2025
Merged

Fix #14: Filter Authorization header when using configured API key in Anthropic passthrough#17
erans merged 2 commits intomainfrom
bug/14/megallm-401-auth-failed

Conversation

@erans
Copy link
Copy Markdown
Owner

@erans erans commented Oct 23, 2025

Summary

Fixes #14 - Authentication failures when using configured API key with MegaLLM proxy

When a configured API key is set for the Anthropic provider, the passthrough mode was previously sending both the configured x-api-key AND any Authorization header from the client request. This caused authentication failures with some proxies (like MegaLLM) that don't expect both headers.

Changes

  • Filter out both authorization and x-api-key headers from client requests when a configured API key is present
  • Only use the configured API key for authentication in this case
  • Preserve all headers (including client auth) when no API key is configured
  • Add debug logging to show filtered headers and final headers sent to Anthropic API
  • Applied to both send_passthrough and stream_passthrough methods
  • Fix clippy warning in pricing.rs (identity_op)

Affected Components

  • crates/lunaroute-egress/src/anthropic.rs - Anthropic egress connector passthrough methods
  • crates/lunaroute-ui/src/pricing.rs - Clippy fix

Testing

  • ✅ All 403 tests pass
  • ✅ Cargo clippy passes with no warnings
  • ✅ Cargo build successful

Behavior

Before

Client Request Headers:
  Authorization: Bearer client-token
  x-api-key: client-key

Sent to Anthropic:
  Authorization: Bearer client-token  ❌ (causes conflict)
  x-api-key: configured-key           ✅

After

Client Request Headers:
  Authorization: Bearer client-token
  x-api-key: client-key

Sent to Anthropic:
  x-api-key: configured-key           ✅ (only configured key sent)

When no configured API key exists, all client headers are passed through unchanged (original behavior preserved).

🤖 Generated with Claude Code

erans and others added 2 commits October 22, 2025 11:10
@erans
Bump version to 0.1.3
0447194
@erans @claude
Fix #14: Filter Authorization header when using configured API key in…
5c7095f 
… Anthropic passthrough

When a configured API key is set for the Anthropic provider, the passthrough
mode was previously sending both the configured x-api-key AND any Authorization
header from the client request. This caused authentication failures with some
proxies (like MegaLLM) that don't expect both headers.

Changes:
- Filter out both 'authorization' and 'x-api-key' headers from client requests
  when a configured API key is present
- Only use the configured API key for authentication in this case
- Preserve all headers (including client auth) when no API key is configured
- Add debug logging to show filtered headers and final headers sent
- Applied to both send_passthrough and stream_passthrough methods
- Fix clippy warning in pricing.rs (identity_op)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@erans erans merged commit 616d37e into main Oct 23, 2025
8 checks passed
@erans erans deleted the bug/14/megallm-401-auth-failed branch October 23, 2025 17:36
@freakynit freakynit mentioned this pull request Oct 23, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Provider error: 401 - {\"error\":\"API key not found\",\"code\":\"AUTH_FAILED\"}

1 participant

@erans