API troubleshooting

Fix hosted API errors without sharing secrets.

Use safe checks for generated keys, billing state, quotas, rate limits, and backend availability before changing an agent or opening a support request.

No provider key or credit card required until your generated sk_sage key exists.

Hosted model traffic uses https://api.sagerouter.dev/v1, generated sk_sage_* keys, and route profiles such as sage-router/frontier.

Before support

Do not paste prompts or credentials.

  • Do not paste prompts, workflow text, customer data, provider responses, or private business context.
  • Do not paste provider credentials, OAuth tokens, generated API keys, private keys, session cookies, or raw Authorization headers.
  • Safe context is limited to timestamp, HTTP status, safe error class, route profile, plan, request id if present, and the non-secret key prefix only.
Endpoint

Check base URL

Use https://api.sagerouter.dev/v1 for hosted OpenAI-compatible clients. Browser account UI lives on https://app.sagerouter.dev, not the API host.

Key

Check prefix

Hosted model traffic requires an active generated sk_sage_* key. Full keys are shown once and should never be pasted into support.

Route

Check profile

Start with sage-router/frontier. Use the public model catalog for discovery, but remember live /v1/models is authenticated.

StatusWhat it meansUseful response signalsNext action
401 The key is missing, revoked, inactive, malformed, or not a Sage Router generated key. WWW-Authenticate, JSON accountUrl, pricingUrl, statusUrl, openaiBaseUrl, apiKeyPrefix. Confirm the client sends Authorization: Bearer sk_sage_..., regenerate the key if needed, then test /v1/models from the account page or curl.
402 The account, plan, billing, quota, or activation state blocks routing. X-Quota-Limit, X-Quota-Used, X-Quota-Remaining, X-Quota-Period, and account or pricing links in the JSON body. Finish checkout or manual activation, review current usage, upgrade the plan, or wait for the quota period to reset.
429 The request-per-minute limit or abuse control was reached. Retry-After, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and quota headers. Reduce concurrency, retry after the indicated delay, batch less aggressively, or upgrade to a plan with a higher rate limit.
403 / 1010 Cloudflare blocked the HTTP client fingerprint before the request reached Sage Router. JSON body with error_code: 1010 or browser_signature_banned; no X-Sage-Router-* headers. Use the OpenAI SDK, curl, or set a normal User-Agent for raw urllib-style clients; then retry /v1/models.
503 No healthy authorized backend route is currently available. Status page health, selected upstream, backend health checks, and any safe request id or route profile name. Check public status, verify local/Tailnet router health if using a private install, and retry after failover or backend recovery.

Safe probes

Use headers first, then a tiny chat check.

curl -i https://api.sagerouter.dev/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "User-Agent: OpenAI-compatible-client/1.0"

curl -i https://api.sagerouter.dev/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "User-Agent: OpenAI-compatible-client/1.0" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "sage-router/frontier",
    "messages": [{"role": "user", "content": "Return ok."}]
  }'

Support packet

Keep only safe diagnostics.

  • Keep HTTP status, timestamp with timezone, route profile, plan, and whether the same key passes the account-page API key test.
  • Keep non-secret headers such as WWW-Authenticate, Retry-After, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-Quota-Limit, X-Quota-Used, X-Quota-Remaining, and X-Quota-Period.
  • Keep JSON onboarding links such as accountUrl, pricingUrl, statusUrl, openaiBaseUrl, and the non-secret apiKeyPrefix. Remove full bearer tokens and prompt bodies.

Boundary

Troubleshooting does not change provider authorization.

Sage Router hosted plans sell routing infrastructure, account management, generated keys, quotas, analytics, and reliability checks. They do not bypass provider authorization, pool personal accounts, or grant unauthorized model access.