Skip to content

feat: support Gemini authorization API keys#406

Open
elliot75 wants to merge 2 commits into
snailyp:mainfrom
elliot75:fix/gemini-authorization-api-keys
Open

feat: support Gemini authorization API keys#406
elliot75 wants to merge 2 commits into
snailyp:mainfrom
elliot75:fix/gemini-authorization-api-keys

Conversation

@elliot75

Copy link
Copy Markdown

Summary

  • Accept both legacy AIza... keys and service-account-bound AQ. authorization keys in the configuration UI and backend validation.
  • Send Gemini credentials through the documented x-goog-api-key header for model, generation, streaming, token-counting, embedding, and Files API requests.
  • Redact AQ. keys from access logs and avoid logging custom header values.
  • Use keyword arguments for TemplateResponse and pin the verified FastAPI/Starlette versions so source builds work with the current template API.
  • Add coverage for authorization-key validation, header precedence, and log redaction.

Context

Google AI Studio now creates authorization API keys by default. These keys use the AQ. format, while the current UI only extracts AIza... keys and outbound Gemini requests place credentials in the URL query string.

Google documentation: https://ai.google.dev/gemini-api/docs/api-key

Compatibility

  • Existing AIza... keys remain supported.
  • CUSTOM_HEADERS are preserved, but the key selected by the key manager always wins for x-goog-api-key.
  • No database migration is required.

Testing

  • python -m unittest discover -s tests -v — 18 tests passed.
  • Built the Docker image from this branch.
  • Smoke-tested /, /keys, /config, /logs, and /health; all returned HTTP 200.

An actual Gemini request was not made in the automated test suite because it would require a real API key.

orangecatQ pushed a commit to orangecatQ/gemini-balance that referenced this pull request Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant