[Bug]: Impossible to unblock a key using admin API key - returns token_not_found_in_db

[subnet-dev]

What happened?

I'm trying to use the /key/unblock endpoint with an admin API key ($OPENAI_API_KEY) to unblock a previously blocked key.

Steps performed:

1. List keys via GET /key/list
2. Block one specific key using POST /key/block
3. Try to unblock the same key using POST /key/unblock

Expected behavior:

• The key should be successfully unblocked, returning updated key metadata.

Actual behavior:

• The response is an authentication error indicating that the key used for authorization was not found in the database:

{
  "error": {
    "message": "Authentication Error, Invalid proxy server token passed. key=e3d9cc8672ccc169a3731577e92779c0c6840b94231950a51c457f18ad26de88, not found in db. Create key via `/key/generate` call.",
    "type": "token_not_found_in_db",
    "param": "key",
    "code": "401"
  }
}

What did you expect to happen?

Using an admin-level API key (Authorization: Bearer $OPENAI_API_KEY) should allow access to all administrative endpoints such as /key/unblock, just like it does for /key/block.

The key should get unblocked without triggering a DB lookup failure or misinterpretation of the auth token.

Relevant log output

curl -s --header "Authorization: Bearer $OPENAI_API_KEY" 'https://inference-dev.example.com/key/list?size=100'

# Successfully lists keys including:
"c521b25d486d2d423bc5f989e9b00ceeae84c0d849a508aa429cd2f175331aed"

# Then block the key:
curl -s -X POST https://inference-dev.example.com/key/block \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H 'Content-Type: application/json' \
  -d '{"key": "c521b25d486d2d423bc5f989e9b00ceeae84c0d849a508aa429cd2f175331aed"}'

# Returns correct data with "blocked": true

# Now try to unblock:
curl -s -X POST https://inference-dev.example.com/key/unblock \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H 'Content-Type: application/json' \
  -d '{"key": "c521b25d486d2d423bc5f989e9b00ceeae84c0d849a508aa429cd2f175331aed"}'

# Response:
{
  "error": {
    "message": "Authentication Error, Invalid proxy server token passed. key=e3d9cc8672ccc169a37XXXXX, not found in db. Create key via `/key/generate` call.",
    "type": "token_not_found_in_db",
    "param": "key",
    "code": "401"
  }
}

Note: The returned invalid key (e3d9...) doesn't match the actual key being manipulated.

Relevant log output

Are you a ML Ops Team?

No

What LiteLLM version are you on ?

v1.74.15

Twitter / LinkedIn details

No response

[subnet-dev]

@krrishdholakia

[aunt-bitsy]

1.75.8. Issue with key block/unblock:
Block works with token, unblock does not work with token. Looks like LiteLLM is rehashing the token before lookup.

[krrishdholakia]

able to reproduce this issue