openai provider fails with 401 on API Gateway using Ocp-Apim-Subscription-Key due to conflicting Authorization header #9527

@jaroslavkolin-sa

Relevant environment info

OS: [win 11]
Continue version: [latest 14/1/26]

VS Code version: Version: 1.108.0 (system setup)
Commit: 94e8ae2b28cb5cc932b86e1070569c4463565c37
Date: 2026-01-08T13:53:10.781Z
Electron: 39.2.7
ElectronBuildId: 12953945
Chromium: 142.0.7444.235
Node.js: 22.21.1
V8: 14.2.231.21-electron.0
OS: Windows_NT x64 10.0.22631

models:
  - title: "Custom LLM"
    provider: "openai"
    model: "my-custom-model"
    apiBase: "https://my-api-gateway.com/v1"
    apiKey: "some_dummy_value" # Required by the provider, but not used by the API
    headers:
      Ocp-Apim-Subscription-Key: "my_real_subscription_key"

Description

When configuring the openai provider to connect to a custom OpenAI-compatible endpoint hosted behind an API Gateway (like Azure APIM), the request fails with a 401 Unauthorized error. The gateway requires an Ocp-Apim-Subscription-Key header for authentication and does not use the standard Authorization: Bearer header.

The issue seems to be that the openai provider automatically injects an Authorization: Bearer header, which conflicts with the required Ocp-Apim-Subscription-Key, causing the API Gateway to reject the request.

To reproduce

Configure a model using the openai provider to point to an endpoint that uses a subscription key header for auth.
My configuration in config.yaml:

models:
  - title: "Custom LLM"
    provider: "openai"
    model: "my-custom-model"
    apiBase: "https://my-api-gateway.com/v1"
    apiKey: "some_dummy_value" # Required by the provider, but not used by the API
    headers:
      Ocp-Apim-Subscription-Key: "my_real_subscription_key"

Attempt to send a request to the model from the Continue sidebar.
The request fails with a 401 Unauthorized error (with no response body).

Expected behavior

The request should succeed with a 200 OK status, as the correct authentication key is provided in the headers section. The provider should ideally not send the Authorization header if it's not needed or allow it to be fully overridden.

Validation and Troubleshooting

I have confirmed that the endpoint, API key (Ocp-Apim-Subscription-Key), and network configuration (including proxy) are all correct.

Log output

401 status code (no body)
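
An added example (not part of the original report and not Continue's code): a sketch of the header merge the report hypothesizes, with an audit that lists which credential-bearing headers end up on the outbound request and redacts their values so the result can be shared in a bug tracker. The function names, the credential header list and the convention that a `null` user header removes the provider default are assumptions for illustration.

```javascript
// Added example, not Continue's implementation. All names are hypothetical.

// Header names treated as credential-bearing (assumed list; extend per gateway).
const CREDENTIAL_HEADERS = ["authorization", "ocp-apim-subscription-key", "api-key", "x-api-key"];

// Hypothesized merge: provider default Authorization plus user-supplied headers.
// HTTP header names are case-insensitive, so keys are lower-cased before merging.
// Assumed convention: a user header set to null removes the provider default.
function mergeHeaders(apiKey, userHeaders = {}) {
  const merged = {};
  if (apiKey) merged["authorization"] = `Bearer ${apiKey}`;
  for (const [name, value] of Object.entries(userHeaders)) {
    const key = name.toLowerCase();
    if (value === null) delete merged[key];
    else merged[key] = String(value);
  }
  return merged;
}

// Replace a secret with its length, keeping the auth scheme (e.g. "Bearer") visible.
function redact(value) {
  const [scheme, ...rest] = value.split(" ");
  if (rest.length) return `${scheme} <redacted:${rest.join(" ").length} chars>`;
  return `<redacted:${value.length} chars>`;
}

// Report which credential headers are present and whether more than one is sent.
function auditAuthHeaders(headers) {
  const isCred = (h) => CREDENTIAL_HEADERS.includes(h.toLowerCase());
  const present = Object.keys(headers).filter(isCred).sort();
  const redacted = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k, isCred(k) ? redact(v) : v])
  );
  return { present, conflict: present.length > 1, redacted };
}

// Constructed sample mirroring the config.yaml values shown in the report.
const sample = mergeHeaders("some_dummy_value", {
  "Ocp-Apim-Subscription-Key": "my_real_subscription_key",
});
console.log(auditAuthHeaders(sample));
```

With the reported configuration the audit shows both a bearer token and the subscription key on the same request; whether the gateway rejects that combination has to be confirmed against the gateway's own policy.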

Labels: area:configuration (Relates to configuration options), ide:vscode (Relates specifically to VS Code extension), kind:bug (Indicates an unexpected problem or unintended behavior), os:windows (Happening specifically on Windows)