Skip to content

Chat Interface Requires API Key - 403 Error Without Key #40

New issue
New issue
Open
Open
Chat Interface Requires API Key - 403 Error Without Key#40
@ks-nss

Description

@ks-nss
ks-nss
opened on Jun 20, 2025

The chat interface appears to require an API key even though it shouldn't. When the API key is removed, requests fail with a 403 error. This is consistently reproducible.

Steps to Reproduce:

 Remove the API key from the configuration.
 Submit a chat message.

Expected Behavior:

The chat interface should function without requiring an API key.

Actual Behavior:

The request fails with a 403 error.

Error Details:

{
  "message": "ERR_BAD_REQUEST",
  "code": "ERR_BAD_REQUEST",
  "status": 403,
  "config": {
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    },
    "adapter": [
      "xhr",
      "http"
    ],
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "env": {},
    "headers": {
      "Accept": "application/json, text/plain, _/_",
      "Content-Type": "application/json"
    },
    "method": "post",
    "url": "https://somedomain.com/api/v1/run/09b40xxxxxxxxxxxxxxxxxxxxxx43849",
    "data": "{\"input_type\":\"chat\",\"input_value\":\"Hello\",\"output_type\":\"chat\",\"session_id\":\"ebe9xxxxxxxxxxxxxxxxxxxxxa2952f0\"}"
  }
}

Request Payload:

{
  "input_type": "chat",
  "input_value": "Hello",
  "output_type": "chat",
  "session_id": "ebe9xxxxxxxxxxxxxxxxxxxxxxxxxxxxda2952f0"
}

URL:

https://somedomain.com/api/v1/run/09b40xxxxxxxxxxxxxxxxxxxxxx43849

Stack Trace (for reference):

Object { message: "Request failed with status code 403", name: "AxiosError", code: "ERR_BAD_REQUEST", config: {…}, request: XMLHttpRequest, response: {…}, stack: "", … }

{
  "message": "Request failed with status code 403",
  "name": "AxiosError",
  "stack": "u@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2129466\nEventHandlerNonNull*Za.xhr</<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2129733\nZa.xhr<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2128652\nGa@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2132024\nvalue@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2135586\ne/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2136298\nkQ/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2109672\noT/t/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2139707\nl@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2104893\n_Q/s/<.value<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2104666\n_Q/y/</<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2105252\nSQ@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2109552\nQ@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2139941\noT/oT/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2140001\noT@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2139879\noT@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2140015\naT/G/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2142128\nG@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2142150\nonKeyDown@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2144854\n4463/It/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1793024\nIt@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1793062\n4463/Hr/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1811233\nHr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1811327\nvr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1811743\n4463/Or/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1817121\nNT@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1872814\nOt@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1792056\nOr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1813023\nBe@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1798797\nje@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1798579\nEventListener.handleEvent*wr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1812528\nxr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1811934\n4463/Vr/<@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1812103\nVr@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1812047\n4463/e.createRoot@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1902425\nS@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:1938114\nvalue@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2146174\nvalue@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2146090\nLifecycleAttributeChangedCallback*@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2145182\n@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2198783\n@https://cdn.jsdelivr.net/gh/logspace-ai/[email protected]/dist/build/static/js/bundle.min.js:1:2198786\n",
  "config": {
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    },
    "adapter": [
      "xhr",
      "http"
    ],
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "env": {},
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "Content-Type": "application/json"
    },
    "method": "post",
    "url": "https://somedomain.com/api/v1/run/09b40xxxxxxxxxxxxxxxxxxxxxxxxxa43849",
    "data": "{\"input_type\":\"chat\",\"input_value\":\"Hello\",\"output_type\":\"chat\",\"session_id\":\"ebe93xxxxxxxxxxxxxxxxxxxxxxxxxda2952f0\"}"
  },
  "code": "ERR_BAD_REQUEST",
  "status": 403
}

Additional Notes:

I've verified this behaviour multiple times. Removing the API key consistently results in a 403 error. Let me know if you need any additional information.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions