Skip to content

[Bug]: Return 403 exception when calling GET responses api. #17628

New issue
New issue
Closed
#17629
Closed
[Bug]: Return 403 exception when calling GET responses api.#17628
#17629
Labels
bugSomething isn't working
@Eric84626

Description

@Eric84626
Eric84626
opened on Dec 7, 2025

What happened?

Return 403 exception when calling GET responses request.
Forbidden. The response id is not associated with the team, who this key belongs to. To disable this security feature, set general_settings::disable_responses_id_security to True in the config.yaml file.
[https://github.com/BerriAI/litellm/blob/main/litellm/proxy/hooks/responses_id_security.py#L102-L111](

litellm/litellm/proxy/hooks/responses_id_security.py

Lines 102 to 111 in 321ffd7

if response_id_team_id and response_id_team_id != user_api_key_dict.team_id:
if general_settings.get("disable_responses_id_security", False):
verbose_proxy_logger.debug(
f"Responses ID Security is disabled. Response belongs to team {response_id_team_id} but user {user_api_key_dict.user_id} is accessing it with team id {user_api_key_dict.team_id}."
)
return True
raise HTTPException(
status_code=403,
detail="Forbidden. The response id is not associated with the team, who this key belongs to. To disable this security feature, set general_settings::disable_responses_id_security to True in the config.yaml file.",
)
)
I find we can't get any team_obj(team id) from user_api_key_dict in any hook for GET responses api.
And we can see this issue only when using jwt auth.

Relevant log output

Forbidden. The response id is not associated with the team, who this key belongs to. To disable this security feature, set general_settings::disable_responses_id_security to True in the config.yaml file.

Are you a ML Ops Team?

No

What LiteLLM version are you on ?

v1.80.8.rc.1

Twitter / LinkedIn details

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions