[BUG] 2.1.94 regression: Bedrock API key (AWS_BEARER_TOKEN_BEDROCK) returns 403 "Authorization header is missing" — works on 2.1.92

Resolved 💬 3 comments Opened Apr 8, 2026 by rockydev Closed Apr 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

After upgrading to v2.1.94, authentication via AWS_BEARER_TOKEN_BEDROCK stopped working. The bearer
token is no longer sent as an Authorization: Bearer header, resulting in a 403 "Authorization
header is missing" error.

Debug logs show the auth flow is skipping the bearer token entirely — Authorization header: false
appears in the request debug output.

Downgrading to v2.1.92 resolves the issue.

What Should Happen?

Claude Code should send the AWS bearer token as an Authorization: Bearer <token> header when
AWS_BEARER_TOKEN_BEDROCK is configured, as it did in v2.1.92.

Confirmed working when pinned
to v2.1.92 with DISABLE_AUTOUPDATER=1.

Error Messages/Logs

# Startup — token present in env config
  [DEBUG] CA certs: Config fallback - globalEnv keys: , settingsEnv keys:
  CLAUDE_CODE_USE_BEDROCK,AWS_BEARER_TOKEN_BEDROCK,AWS_REGION,ANTHROPIC_MODEL

  # Every API request — token NOT applied to client
  [DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
  header: false
  [ERROR] API error (attempt 1/11): 403 403 {"Message":"Authorization header is missing"}

  [DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
  header: false
  [ERROR] API error (attempt 2/11): 403 403 {"Message":"Authorization header is missing"}

  [DEBUG] [API:request] Creating client, ANTHROPIC_CUSTOM_HEADERS present: false, has Authorization
  header: false
  [ERROR] API error (attempt 3/11): 403 403 {"Message":"Authorization header is missing"}

  # ... repeats through all 11 retry attempts

Steps to Reproduce

  1. Set AWS_BEARER_TOKEN_BEDROCK=<your-token>, AWS_REGION=<region>, CLAUDE_CODE_USE_BEDROCK=1
  2. Run claude v2.1.94
  3. Send any prompt

Expected: Request succeeds with bearer token in Authorization header
Actual: 403 {"Message":"Authorization header is missing"}has Authorization header: false
logged on every attempt

Claude Model

Not sure / Multiple models

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.92

Claude Code Version

2.1.94 (Claude Code)

Platform

AWS Bedrock

Operating System

macOS

Terminal/Shell

iTerm2

Additional Information

  • Works: v2.1.92
  • Broken: v2.1.94
  • Auth method: AWS_BEARER_TOKEN_BEDROCK (ABSK)
  • Workaround: Pin to v2.1.92 with DISABLE_AUTOUPDATER=1
  • ANTHROPIC_BEDROCK_BASE_URL is NOT set — Claude Code builds the endpoint from AWS_REGION

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗