401 error when calling OpenAI API with EU-only geography restriction

Hello everyone,

I am experiencing a persistent 401 error when calling the OpenAI API with a project that has EU-only geography restriction enabled. The error message is:

“Attempted to access resource from outside project geography EU”.

An API key is created successfully, but all API requests fail with this error.

Yesterday, API access was tested by different users from multiple locations, specifically Switzerland, the Netherlands, Italy, and Cyprus. We tried different network environments, including standard internet connections as well as multiple VPN and proxy configurations. In all cases, the same 401 error occurred.

We also tested requests against both endpoints (api.openai and eu.api.openai). Both endpoints consistently return the same 401 error.

As a result, the API appears to be inaccessible from all tested environments, even when requests originate from EU countries or nearby European locations. At this point, it is unclear what network conditions are actually considered valid for projects with EU-only geography enabled, or what actions are expected from the user side to make the API usable.

What types of networks are supported for EU-only projects (e.g. residential, mobile, institutional)? Is access from university or institutional networks expected to work? Are there specific project-level settings that must be adjusted to enable API access? If EU-only projects require consumer residential/mobile internet exclusively, is this documented anywhere?

Any clarification on the intended usage model for EU-only geography projects, and recommended next steps to resolve this issue, would be greatly appreciated.

Thank you in advance.

The first thing that I must interject: client software must NOT call the OpenAI API directly.

That you are concerned about the user’s locations indicates that you are providing a plaintext API key in the user’s client, and the client is NOT making backend requests to your own API setup as a customer authentication backend, but INSTEAD is transmitting requests where your own API key can easily be snooped or extracted from the code - a bad idea where a bad actor can steal that key and abuse it.

The only exception might be when using ephemeral keys with realtime and WebRTC (audio), which safely invokes direct connections.

You should have a worker backend in a fixed location (not a routed Cloudflare on-demand localized worker that can even be run in China, for example). The static IP should be easily geolocated and reversed to an allowed location for EU data residency. That should be your reliable “connection” to OpenAI services, authenticating, moderating, logging, and billing your own users.

You should do your own “know your customer” to determine if data residency or compliance is needed, although I see no reason in OpenAI public terms why you can’t offer services to anyone anywhere in worldwide allowed countries still.

I cannot report on the actual quality of EU API or the reason for rejection with the OpenAI API after it is set up for your enterprise from personal experience, being in the USA. Just advice.

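The backend-held key arrangement described in the reply above, as an added example that is not code from the thread or from OpenAI: the client presents a session token issued by your own service, and the relay attaches the API key only on the server side. The `X-Session` header, the environment variable names, the HMAC token format and the `upstream.example` host are assumptions made for illustration.

```python
import hashlib, hmac, json, os, urllib.request

# Assumed configuration (names and values are constructed, not from the thread).
UPSTREAM_BASE = os.environ.get("UPSTREAM_BASE", "https://upstream.example/v1")
API_KEY = os.environ.get("UPSTREAM_API_KEY", "sk-constructed-placeholder")
SESSION_SECRET = os.environ.get("SESSION_SECRET", "constructed-secret").encode()
MAX_BODY = 64 * 1024  # refuse oversized prompts before they cost anything

def _mac(user_id: str) -> bytes:
    return hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest().encode()

def issue_session(user_id: str) -> str:
    """Token your own login flow gives the client in place of the API key."""
    return f"{user_id}.{_mac(user_id).decode()}"

def verify_session(token: str):
    """Return the user id for a valid token, else None (constant-time compare)."""
    user_id, _, mac = token.rpartition(".")
    if user_id and hmac.compare_digest(mac.encode(), _mac(user_id)):
        return user_id
    return None

def build_upstream_request(client_headers: dict, body: bytes):
    """Return (status, user, request). No client header is ever forwarded."""
    user = verify_session(client_headers.get("X-Session", ""))
    if user is None:
        return 401, None, None
    if len(body) > MAX_BODY:
        return 413, user, None
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, user, None
    if not isinstance(payload, dict):
        return 400, user, None
    req = urllib.request.Request(
        f"{UPSTREAM_BASE}/chat/completions",
        data=json.dumps(payload).encode(),
        method="POST",
        # The key is attached here, on the server; it never reaches a client.
        headers={"Authorization": f"Bearer {API_KEY}",
                 "Content-Type": "application/json"},
    )
    return 200, user, req  # caller logs/bills `user`, then sends `req`
```

A production token would also carry an expiry and be issued after real user authentication; both are left out here to keep the focus on where the key lives.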