Hello Vercel Support,
I have already topped up 10 USD credit.
I am unable to use Vercel AI Gateway from my account. Every request fails with a 403 error.
{
"error": {
"message": "Forbidden.",
"type": "access_denied"
}
}
I have already checked my local network and confirmed that the request can reach Vercel’s
AI Gateway endpoint. The issue appears to be account, API key, or permission related.
Team ID: team_ojNl1oMW6GzyqC10QnXl0UKH
Hi Edward,
First, I’d edit the post and remove the Team ID. It is not an API key, but it is still better not to leave account identifiers public.
For the 403 itself, I’d separate “the key is recognized” from “the workspace can run inference.” The fastest check is to test both model listing and a tiny completion with the same key from a local terminal:
curl -i "https://ai-gateway.vercel.sh/v1/models" \
-H "Authorization: Bearer $AI_GATEWAY_API_KEY" \
-H "Content-Type: application/json"
Then:
curl -i "https://ai-gateway.vercel.sh/v1/chat/completions" \
-H "Authorization: Bearer $AI_GATEWAY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "openai/gpt-5.4",
"messages": [{ "role": "user", "content": "test" }],
"stream": false
}'
If /v1/models returns 200 but /v1/chat/completions returns 403 access_denied, that usually means the base URL, bearer header, and key format are probably correct, and the issue is more likely workspace/account-side access rather than your local network.
If both fail with 403, I’d create a new AI Gateway API key from the same workspace and test again. Don’t post the key publicly, but the useful details to share are the two status codes, the redacted error body, the request timestamp, and the X-Vercel-Id response header from the 403.
Hi Ryu,
Thank you for your reply.
Testing /v1/models returns 200 but /v1/chat/completions returns 403 access_denied
HTTP/2 403
cache-control: public, max-age=0, must-revalidate
content-type: application/json
date: Mon, 22 Jun 2026 11:38:32 GMT
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
x-matched-path: /v1/chat/completions
x-vercel-cache: MISS
x-vercel-id: sin1::fra1::spqsq-1782128311682-72dfa5316781
Hi Edward,
Thanks, that result is the important one.
Since /v1/models returns 200, the Gateway endpoint, bearer token format, and key recognition are likely correct. Since /v1/chat/completions returns 403 access_denied, this does not look like a local network issue or a model-listing issue anymore.
I’d try one last user-side check: create a brand-new AI Gateway API key from the same workspace after the credit top-up, then run the same two curl tests again. If the new key still gives:
GET /v1/models => 200
POST /v1/chat/completions => 403 access_denied
then I don’t think more SDK/app debugging will help.
The useful summary to keep in the thread is:
GET /v1/models: 200
POST /v1/chat/completions: 403 access_denied
Direct terminal request
Credit already topped up
X-Vercel-Id: sin1::fra1::spqsq-1782128311682-72dfa5316781
Date: Mon, 22 Jun 2026 11:38:32 GMT
Also, if you still can, I’d remove the Team ID from the original post and keep only the X-Vercel-Id + timestamp public. That should be enough for Vercel to correlate the failed request without exposing account identifiers.