Troubleshooting
Use this page for first-pass diagnosis of common Sentinel failures. Start with the symptom that most closely matches what you are seeing, then narrow the issue through the checks below.
Authentication fails at the gateway
Symptom
- request is rejected before provider execution
Likely causes
- wrong key
- wrong environment or project context
- endpoint restriction mismatch
What to check
- confirm the client is sending a Sentinel key, not a provider key
- confirm the key belongs to the intended tenant, project, and environment
- confirm the key's endpoint restrictions allow the requested surface
Provider is configured, but requests still fail
Symptom
- request authenticates but provider execution fails
Likely causes
- inactive config
- missing or invalid secret
- unsupported endpoint for the selected provider
- missing provider-specific metadata such as version or base URL
What to check
- confirm the provider config is active
- confirm the provider secret resolves correctly
- confirm the provider supports the requested endpoint
- confirm any provider-specific base URL or version requirement is configured correctly
Anthropic model sync says API version is required
This usually means the Anthropic provider configuration is missing the version metadata required by the sync path.
Verify the effective api_version, or the equivalent Anthropic version value
configured in Sentinel.
Google SDK method returns path not supported
SDK behavior and raw HTTP routes are not always a 1:1 match. Verify the exact
route the SDK method calls. For example, some Google SDK embedding methods use
batch embedding routes rather than a simple :embedContent request.
Images or media routes time out
Generation and media routes can have different latency characteristics than simple JSON text inference calls.
Verify that route-safe timeout floors and single-attempt behavior are configured appropriately for those routes.
Native lane works over curl but not through the official SDK
Check for:
- base URL override behavior
- how the SDK expects auth to be supplied
- whether the SDK uses uploads, batch semantics, or websocket transports
- whether the example environment supports that SDK path end to end
A raw HTTP success does not always prove SDK compatibility.
What to do next
- Use SDK Compatibility when the issue appears SDK-specific
- Use Providers when the issue looks like provider config or capability mismatch
- Use Production Readiness when the issue is environmental rather than request-specific