[Urgent] I keep getting 401s for valid API-Keys

Hey everyone. I deployed the latest version of my app but keep getting 401s (in prod) and I can't seem to find the issue.

In my testbox I'm logging this:

 const h = c.req.raw.headers.get("x-api-key") || "";
    const verify = await auth.api.verifyApiKey({
      body: {
        key: h,
      },
    });
    console.log({ verify });

    const session = await auth.api.getSession({
      headers: new Headers({
        "x-api-key": h.trim(),
      }),
    });

    console.log({ session });

 const h = c.req.raw.headers.get("x-api-key") || "";
    const verify = await auth.api.verifyApiKey({
      body: {
        key: h,
      },
    });
    console.log({ verify });

    const session = await auth.api.getSession({
      headers: new Headers({
        "x-api-key": h.trim(),
      }),
    });

    console.log({ session });

 const h = c.req.raw.headers.get("x-api-key") || "";
    const verify = await auth.api.verifyApiKey({
      body: {
        key: h,
      },
    });
    console.log({ verify });

    const session = await auth.api.getSession({
      headers: new Headers({
        "x-api-key": h.trim(),
      }),
    });

    console.log({ session });

 const h = c.req.raw.headers.get("x-api-key") || "";
    const verify = await auth.api.verifyApiKey({
      body: {
        key: h,
      },
    });
    console.log({ verify });

    const session = await auth.api.getSession({
      headers: new Headers({
        "x-api-key": h.trim(),
      }),
    });

    console.log({ session });

This prints:

{
  verify: {
    valid: true,
    error: null,
    key: {
      name: 'test',
      start: 'ANoPxW',
      prefix: null,
      userId: 'l2spq7at27gddtswrq3c35vb',
      refillInterval: null,
      refillAmount: null,
      lastRefillAt: null,
      enabled: true,
      rateLimitEnabled: true,
      rateLimitTimeWindow: 86400000,
      rateLimitMax: 5000,
      requestCount: 8,
      remaining: null,
      lastRequest: 2025-10-22T06:21:28.555Z,
      expiresAt: null,
      createdAt: 2025-10-22T05:29:49.481Z,
      updatedAt: 2025-10-22T05:29:49.481Z,
      permissions: [Object],
      metadata: null,
      id: 'f5ng3ajbc2u4mtbv1av5x2uh'
    }
  }
}

{
  verify: {
    valid: true,
    error: null,
    key: {
      name: 'test',
      start: 'ANoPxW',
      prefix: null,
      userId: 'l2spq7at27gddtswrq3c35vb',
      refillInterval: null,
      refillAmount: null,
      lastRefillAt: null,
      enabled: true,
      rateLimitEnabled: true,
      rateLimitTimeWindow: 86400000,
      rateLimitMax: 5000,
      requestCount: 8,
      remaining: null,
      lastRequest: 2025-10-22T06:21:28.555Z,
      expiresAt: null,
      createdAt: 2025-10-22T05:29:49.481Z,
      updatedAt: 2025-10-22T05:29:49.481Z,
      permissions: [Object],
      metadata: null,
      id: 'f5ng3ajbc2u4mtbv1av5x2uh'
    }
  }
}

{
  verify: {
    valid: true,
    error: null,
    key: {
      name: 'test',
      start: 'ANoPxW',
      prefix: null,
      userId: 'l2spq7at27gddtswrq3c35vb',
      refillInterval: null,
      refillAmount: null,
      lastRefillAt: null,
      enabled: true,
      rateLimitEnabled: true,
      rateLimitTimeWindow: 86400000,
      rateLimitMax: 5000,
      requestCount: 8,
      remaining: null,
      lastRequest: 2025-10-22T06:21:28.555Z,
      expiresAt: null,
      createdAt: 2025-10-22T05:29:49.481Z,
      updatedAt: 2025-10-22T05:29:49.481Z,
      permissions: [Object],
      metadata: null,
      id: 'f5ng3ajbc2u4mtbv1av5x2uh'
    }
  }
}

{
  verify: {
    valid: true,
    error: null,
    key: {
      name: 'test',
      start: 'ANoPxW',
      prefix: null,
      userId: 'l2spq7at27gddtswrq3c35vb',
      refillInterval: null,
      refillAmount: null,
      lastRefillAt: null,
      enabled: true,
      rateLimitEnabled: true,
      rateLimitTimeWindow: 86400000,
      rateLimitMax: 5000,
      requestCount: 8,
      remaining: null,
      lastRequest: 2025-10-22T06:21:28.555Z,
      expiresAt: null,
      createdAt: 2025-10-22T05:29:49.481Z,
      updatedAt: 2025-10-22T05:29:49.481Z,
      permissions: [Object],
      metadata: null,
      id: 'f5ng3ajbc2u4mtbv1av5x2uh'
    }
  }
}

But then:

{ session: null }

{ session: null }

{ session: null }

{ session: null }

This is my betterAuth config: https://gist.github.com/florianmartens/e1293ac7f2d436ee594849201f1f40bb

Gist

betterAuth config

betterAuth config. GitHub Gist: instantly share code, notes, and snippets.

florian.jsxOP•10/22/25, 6:33 AM

In my latest release, I've enabled teamsteams. Maybe this has something to do with it?

[Urgent] I keep getting 401s for valid API-Keys

Similar Threads

Similar Threads

Similar Threads