Admin Keys Not Working: Missing Scopes Despite "All" Permissions

API Bugs
1

Issue Summary

I’m experiencing persistent permission errors with admin keys that have been granted “All” permissions. Multiple admin keys (both existing and newly created) are failing with insufficient permission errors for basic operations.

Error Messages

json

{
  "error": {
    "message": "You have insufficient permissions for this operation. Missing scopes: api.management.read. Check that you have the correct role in your organization, and if you're using a restricted API key, that it has the necessary scopes.",
    "type": "invalid_request_error",
    "param": null,
    "code": null
  }
}

json

{
  "error": "You have insufficient permissions for this operation. Missing scopes: api.model.read. Check that you have the correct role in your organization (Reader, Writer, Owner) and project (Viewer, Member, Owner), and if you're using a restricted API key, that it has the necessary scopes."
}

What I’ve Tried

  • :white_check_mark: Verified I’m the Organization Owner

  • :white_check_mark: Created multiple new admin keys with “All” permissions

  • :white_check_mark: Used Organization Admin Keys (not project keys)

  • :white_check_mark: Waited 30+ minutes for permission propagation

  • :white_check_mark: Tested with different API endpoints

  • :white_check_mark: Verified account billing status is active

  • :cross_mark: Still getting 401 errors for admin API calls

Key Details

  • Account Type: Organization Owner

  • Key Type: Organization Admin Keys (created from /organization/admin-keys)

  • Permissions Set: “All”

  • Scope Errors: api.management.read, api.model.read

  • Status: Both existing and newly generated admin keys fail

Suspected Issue

This appears to be a system-level bug in the admin key permission management. Similar issues have been reported where keys show “All” permissions in the UI but actually have empty/null scopes internally.

Question

Has anyone successfully resolved this issue? Is there a known workaround, or should this be escalated to OpenAI support as a platform bug?

Any help would be greatly appreciated!

2 Likes
2

I have the same problem! It also does not work when switching the API Key to restricted mode and giving it explicit write permissions.

Any ideas how to fix this?

1 Like
3

I am having the same issue as well. One of our scripts that has been running flawlessly for weeks is all of a sudden failing with this error. The admin API key is still valid and has no restrictions. We are attempting to GET /v1/organization/projects:

401: Unauthorized
{
  "error": {
    "message": "You have insufficient permissions for this operation. Missing scopes: api.management.read. Check that you have the correct role in your organization (Owner), and if you're using a restricted API key, that it has the necessary scopes.",
    "type": "invalid_request_error",
    "param": null,
    "code": null
  }
}
2 Likes
4

Now it’s working again - for me :man_shrugging:

5

Likewise. Was working again when I tried this morning. Didn’t change anything, so assuming this was a bug (now fixed) in the OpenAI backend.

6

Good to hear. I passed it on to the team yesterday, I think, IIRC.

We might have someone stop by, but no promises.

Hope you stick around. We’ve got a great community growing here! :slight_smile:

1 Like
7

Thanks all + @PaulBellow for reporting this!

We identified a temporary issue that was preventing some admin API keys from being granted all of their expected scopes, which caused “missing scopes” errors even for keys with “All” permissions. The issue has now been fixed, and affected keys should be working again without any action needed.

If you still see errors with an admin key that has “All” permissions, please double-check that it’s an Organization Admin Key (not a project key) and try regenerating it. If the problem persists, reach back out with the exact error message so we can help investigate 👍.

1 Like