llm_team_ui.py

@@ -7064,6 +7064,18 @@ def admin_save_config():
             new_key = prov.get("api_key", "")
             if not new_key:
                 prov["api_key"] = cfg["providers"][name].get("api_key", "")
+            # Enabling a cloud provider requires a usable key (incoming,
+            # stored, or env). Prevents silent auth failures where
+            # `enabled=True` is saved with no key and queries 401 at
+            # call time. get_api_key() checks config + env fallback.
+            if prov.get("enabled") is True:
+                effective_key = prov.get("api_key") or get_api_key(name)
+                if not effective_key:
+                    return jsonify({
+                        "error": f"Cannot enable provider '{name}' without an API key. "
+                                 f"Provide api_key in the request, save a key first, "
+                                 f"or set the environment variable."
+                    }), 400
             cfg["providers"][name].update(prov)
     if "disabled_models" in data:
         cfg["disabled_models"] = data["disabled_models"]