I’ve seen a number of posts here detailing how people have come across issues with their API keys and actions with their Custom GPT. I myself was having trouble - the API call was being refused due to a lack of an API key, even though I was including one in the Authorization section! Or so I thought…
The solution to my issue was actually pretty straightforward - using the “Custom” option when setting the API key. Specifically, I think that you want to make sure that the Custom field reflects whatever your API expects the key to be called, and that it matches whatever your Schema calls the key, which in my case was X-Api-Key. With just that tweak, I was off to the races! I hope this helps at least one of you.
your api key is pass in header or query?
I used codes, but it not work:
components:
securitySchemes:
ApiKeyAuth:
type: apiKey
in: header
name: X-Api-Key
security:
don’t put the api key in your schema!!! That exposes it to your users! ONLY use the Authrorization section. Click the settings wheel at the Authorization section above where you define the Action Schema and pick ‘API Key’ and then ‘Custom’. Then, put in your API key in the top section, and (based on what you’ve given here) ‘X-Api-Key’ (without the apostrophes) in the bottom section. I know it says X-Api-Key in the bottom section already in a greyed text, but still add it in. LMK if that works!
I’ve done this and then received a 400 error b/c X-Api-Key requires User-Agent Headers set. I then tried setting the headers in my Schema, but the OpenAPI specification does not have a built-in mechanism specifically for enforcing a User-Agent header as part of its securitySchemes. Are you able to share a sanitized snippet of your schema? This would really help
