Skip to content

files.register_files() sends x-goog-api-key even though the docs say it's unused → 401 OVERLOADED_CREDENTIALS #2674

Description

@dhartushar

Environment

Python 3.10, google-genai 2.10.0

Description

The docs say that for GCS registration the API key "is unused for the registration endpoint." But the client still sends x-goog-api-key on that request, on top of the SA bearer token from auth=. Two credentials on one request → 401 OVERLOADED_CREDENTIALS.

Repro

from google import genai
from google.oauth2.service_account import Credentials

credentials = Credentials.from_service_account_file(
"sa-key.json", scopes=["https://www.googleapis.com/auth/cloud-platform"],
)
client = genai.Client() # GEMINI_API_KEY from env, as the docs show
client.files.register_files(auth=credentials, uris=["gs://my-bucket/object.mp3"])
Result

401 UNAUTHENTICATED - reason: OVERLOADED_CREDENTIALS
method: google.ai.generativelanguage.v1beta.FileService.RegisterFiles
Logging the outgoing request shows both headers on POST /v1beta/files:register:

x-goog-api-key : AQ.Ab8RN… (from the client)
authorization : Bearer ya29… (from register_files auth=)

Cause

BaseApiClient sets x-goog-api-key as a persistent header for every request (_api_client.py), and register_files adds the bearer token (files.py) without removing it. So both go out.

Expected

Registration should send only the auth= bearer token and succeed. Workaround for now is popping x-goog-api-key off client._api_client._http_options.headers around the call.

Metadata

Metadata

Labels

priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions