2.1.118: 401 auth error with custom ANTHROPIC_BASE_URL (third-party provider, worked in 2.1.112)

Resolved 💬 3 comments Opened Apr 23, 2026 by gongty Closed May 27, 2026

Bug Description

After auto-updating from 2.1.112 → 2.1.118, Claude Code agents started returning 401 Unauthorized errors when using a custom ANTHROPIC_BASE_URL with a third-party provider (DashScope/Bailian). Rolling back to 2.1.112 immediately fixes the issue.

Environment

  • Claude Code version: 2.1.118 (broken) / 2.1.112 (works)
  • OS: macOS 24.1.0
  • Shell: zsh
  • Launched via: Paseo (Claude Code shell app), agent ID cc798e0f-2f7e-45cf-a733-fa98ee507d15

Configuration

Custom provider configured via agents.json:

{
  "agents": {
    "providers": {
      "bailian": {
        "extends": "claude",
        "env": {
          "ANTHROPIC_API_KEY": "<bailian-key>",
          "ANTHROPIC_BASE_URL": "https://dashscope.aliyuncs.com/apps/anthropic"
        },
        "models": [
          { "id": "qwen3.6-plus", "label": "Qwen 3.6 Plus", "isDefault": true }
        ]
      }
    }
  }
}

Steps to Reproduce

  1. Configure a custom provider with ANTHROPIC_BASE_URL pointing to a non-Anthropic Anthropic-compatible endpoint
  2. Use an API key valid for that endpoint (not a real Anthropic key)
  3. Run Claude Code 2.1.118 with this configuration
  4. Any agent/conversation immediately returns 401 Unauthorized

Expected Behavior

Same as 2.1.112: requests are forwarded to the custom ANTHROPIC_BASE_URL with the provided key, without additional Anthropic-side key validation.

Actual Behavior

401 error. The key is confirmed valid — direct curl calls to the same endpoint with the same key succeed:

curl -X POST https://dashscope.aliyuncs.com/apps/anthropic/v1/messages \
  -H "x-api-key: <key>" \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{"model":"qwen3.6-plus","max_tokens":10,"messages":[{"role":"user","content":"hi"}]}'
# Returns valid response ✓

Hypothesis

2.1.118 may have introduced an additional validation/telemetry call against the real Anthropic API (e.g., statsig, usage tracking, or key verification) that runs before or alongside the custom base URL path. This call would use the third-party key against Anthropic's own auth endpoint, causing a 401.

Relevant 2.1.118 changelog entries that might be related:

  • "Fixed /login having no effect in a session launched with CLAUDE_CODE_OAUTH_TOKEN — the env token is now cleared so disk credentials take effect"
  • "Fixed connecting to a remote session overwriting your local model setting"

Workaround

Roll back to 2.1.112:

ln -sf ~/.local/share/claude/versions/2.1.112 ~/.local/bin/claude

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗