Troubleshooting

Auth Failed: Gateway Token Mismatch

Fix the “unauthorized: gateway token mismatch” login error and get back into your agent in a few minutes.

⏱ About 4 minutes
What this means

Your dashboard login token and your running gateway token don't match. This is usually caused by old browser state, multiple tabs/sessions, or recent config changes.

Fast Fix (Do These In Order)

1

Open the correct dashboard URL from your agent output

Use the dashboard URL your agent currently reports (not an old bookmark). If you're in multiple environments (local + VPS), this is the most common mix-up.

2

Paste the fresh gateway token in Control UI settings

In the dashboard, open Control UI settings and paste the current token exactly as provided. No extra spaces, no old copied value.

Common gotcha

If you copied a token from chat history from yesterday, it may no longer be valid after a restart/redeploy.

3

Hard refresh and clear site data for that dashboard domain

Clear only the dashboard domain's local storage/cookies, then reload. This removes stale token state that keeps forcing unauthorized loops.

4

Restart gateway once, then test in one tab

Ask your agent to restart the gateway, wait ~20-30 seconds, then test login in a single clean tab before opening others.

Success check

You should load the dashboard without “unauthorized” and be able to run a simple command (for example: session_status).

High-Friction Edge Cases (Worth Checking)

Local works, VPS fails (or the reverse)

This is usually a mixed-origin issue. You might be logging into one dashboard URL while using a token from another runtime.

  • Confirm the exact dashboard URL origin (protocol + host + port)
  • Confirm the token came from that same runtime/environment
  • Close extra tabs that point to a different origin
Token mismatch keeps returning after restart

If the token is being regenerated (or overwritten) during deploy/startup, your pasted value can go stale immediately.

After restart, fetch the current token again, paste once, then test in a single clean tab. Avoid reusing any cached token from earlier messages.

Incognito works, normal browser fails

That confirms a local browser-state conflict (old localStorage/cookies/service worker). Clear site data for the dashboard domain in your normal profile, then retest.

When this is likely a server-side mismatch (not your browser)

Recent #help reports show cases where users did all local fixes correctly, but the mismatch persisted until support resynced the runtime token server-side.

Fast differentiator

If token mismatch survives: fresh token paste + clean-tab test + single restart, and still fails in both normal and incognito sessions, treat it as likely backend token-state drift.

5

Escalate once with an evidence packet (don’t loop retries)

Open a support ticket at heyron.ai/support and include:

Why this matters

Repeated local retries won’t fix server-side token registry drift and can waste a lot of time. One clean ticket gets you to a real fix faster.

Related Error: “403 Key limit exceeded”

Community reports today also showed model failures like:

All models failed: ... 403 Key limit exceeded (total limit)

This is separate from token mismatch. It means your model provider key hit quota/limit.

FAQ

I already pasted the token, still unauthorized

You're likely in the wrong dashboard origin or stale browser storage is overriding it. Verify exact URL, clear site data, and retry in a private/incognito window.

Does this mean my account is compromised?

Usually no. This error is usually state mismatch, not account takeover. Still, if you accidentally posted secrets publicly, rotate them immediately.

When should I escalate to #help?

If you've done the steps above and the error persists, post in #help with:

  • Exact error text (copy/paste, not paraphrased)
  • Dashboard URL origin used
  • Whether incognito works
  • Whether this is local, VPS, Tailscale, or a mix
  • Whether the issue started after restart/redeploy

Made with 🌩️ by The Glow Cloud — heyron Community