Issue Station
Sign In
Tools hereToolbox

openclaw - 💡(How to fix) Fix [Bug]: MiniMax CN endpoint (api.minimaxi.com) auth fails with 401 in 2026.5.x — authHeader:true config not honored at runtime

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

The MiniMax CN endpoint (https://api.minimaxi.com/anthropic) consistently returns 401 login fail: Please carry the API secret key in the 'X-Api-Key' field of the request header on every request, even with a valid API key that works perfectly in other clients.

This is distinct from #83449 (which tested only api.minimax.io international endpoint). The CN endpoint has different auth requirements that the current runtime does not satisfy.

This is likely related to PR #50737 (Fix anthropic auth header), which has been open for 2+ months without merge.

Error Message

LLM error authentication_error: login fail: Please carry the API secret key in the 'X-Api-Key' field of the request header

Root Cause

Root cause hypothesis

Fix Action

Workaround

Switch primary model away from MiniMax to e.g. volcengine-plan. This is what we are doing as a temporary measure, but loses access to MiniMax models.

Code Example

{
  "models": {
    "providers": {
      "minimax": {
        "baseUrl": "https://api.minimaxi.com/anthropic",
        "api": "anthropic-messages",
        "authHeader": true,
        "apiKey": "***",
        "models": [{"id": "MiniMax-M2.7", "...": "..."}]
      }
    }
  }
}

---

LLM error authentication_error:
login fail: Please carry the API secret key in the 'X-Api-Key' field
of the request header

---

createClient({
  apiKey: null,
  authToken: apiKey,  // <-- routed via Anthropic SDK authToken
  baseURL: resolveMantleAnthropicBaseUrl(model.baseUrl),
  ...
})
RAW_BUFFERClick to expand / collapse

Bug type

Regression (worked in 2026.4.x, broke after upgrading to 2026.5.x)

Summary

The MiniMax CN endpoint (https://api.minimaxi.com/anthropic) consistently returns 401 login fail: Please carry the API secret key in the 'X-Api-Key' field of the request header on every request, even with a valid API key that works perfectly in other clients.

This is distinct from #83449 (which tested only api.minimax.io international endpoint). The CN endpoint has different auth requirements that the current runtime does not satisfy.

This is likely related to PR #50737 (Fix anthropic auth header), which has been open for 2+ months without merge.

Environment

  • OpenClaw: 2026.5.12 (also reproduces on 2026.5.2)
  • OS: Windows 11
  • Node.js: v24.14.0
  • Channel: Feishu (WebSocket mode)
  • Endpoint: https://api.minimaxi.com/anthropic (CN station)
  • Model: MiniMax-M2.7
  • Same API key works in custom HTTP clients sending X-Api-Key directly

Config

{
  "models": {
    "providers": {
      "minimax": {
        "baseUrl": "https://api.minimaxi.com/anthropic",
        "api": "anthropic-messages",
        "authHeader": true,
        "apiKey": "***",
        "models": [{"id": "MiniMax-M2.7", "...": "..."}]
      }
    }
  }
}

Steps to reproduce

  1. Configure MiniMax CN endpoint as above with a valid CN-side API key
  2. Set as primary model: minimax/MiniMax-M2.7
  3. Trigger any LLM call (chat, cron job, anything)
  4. Observe consistent 401 failure

Expected behavior

Request authenticates and returns 200.

Actual behavior

Every request returns:

LLM error authentication_error:
login fail: Please carry the API secret key in the 'X-Api-Key' field
of the request header

Error fingerprint is stable across runs: sha256:ea27aea55de3

Root cause hypothesis

Reading dist/mantle-anthropic.runtime-*.js, the client is built with:

createClient({
  apiKey: null,
  authToken: apiKey,  // <-- routed via Anthropic SDK authToken
  baseURL: resolveMantleAnthropicBaseUrl(model.baseUrl),
  ...
})

The Anthropic SDK's authToken parameter produces Authorization: Bearer <token> headers, NOT x-api-key. While api.minimax.io (international) may accept Bearer auth, api.minimaxi.com (CN) strictly requires X-Api-Key header.

The user-facing authHeader: true config flag (intended to switch to Bearer per #50737's description) is also not honored on the runtime path for anthropic-messages providers — making this a configuration dead-end.

Related

  • PR #50737 "Fix anthropic auth header" — open since 2026-03-20, blocked on ClawSweeper "needs real behavior proof" check
  • Issue #83449 — closed, but maintainer's reproduction only tested api.minimax.io (international), not the CN endpoint

Workaround

Switch primary model away from MiniMax to e.g. volcengine-plan. This is what we are doing as a temporary measure, but loses access to MiniMax models.

Severity

P1 for any user relying on MiniMax CN endpoint (which is the only viable option for China-based users due to network conditions).

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

FAQ

Expected behavior

Request authenticates and returns 200.

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

openclaw - 💡(How to fix) Fix [Bug]: MiniMax CN endpoint (api.minimaxi.com) auth fails with 401 in 2026.5.x — authHeader:true config not honored at runtime