GeminiIntermediate

How to Fix Common Gemini CLI Authentication Errors

Diagnose and resolve the most frequent sign-in, API key, and quota errors in the Gemini CLI.

7 minIntermediate

Most Gemini CLI failures are not about your prompt; they are about authentication. A stale login, a missing key, or a hit quota all surface as confusing errors. This guide walks through the usual suspects and the exact fix for each.

What you need

  • The Gemini CLI installed
  • Your Google account or API key handy
  • Terminal access
  • About 6 minutes

Step 1: Read the error, not just the red text

Auth errors come in a few flavors. A 401 or unauthenticated message means your credentials are wrong or missing. A 403 often means the key lacks permission or the API is not enabled. A 429 means you have hit a rate or quota limit. Identify which one you have before changing anything.

gemini - error
$gemini -p "hello"
Error: 401 UNAUTHENTICATED
API key not valid. Please pass a valid API key.
$

Step 2: Fix a missing or wrong API key

If you authenticate with a key, confirm the variable is actually set in the shell you are running from. A common trap is exporting the key in one terminal tab and running the CLI in another. Echo it to check, and re-export if it is empty.

terminal
echo $GEMINI_API_KEY
# if empty, set it again:
export GEMINI_API_KEY="AIza...your-key..."
# verify the key itself is valid:
curl "https://generativelanguage.googleapis.com/v1beta/models?key=$GEMINI_API_KEY"
Sign-in versus API key
Login with Google and an API key are two separate auth modes. If you set a key but the CLI is still in Google login mode (or the reverse), it will use credentials you did not expect. Reset the choice from the /auth menu.

Step 3: Reset a broken Google sign-in

If you use Login with Google and tokens have gone stale, clear the cached credentials and sign in fresh. The CLI stores them under your home folder; removing that file forces a clean re-auth on next launch.

gemini - auth menu
> /auth
Select authentication method:
> Login with Google
Use a Gemini API key
Vertex AI
Switching auth mode from the /auth command.

Step 4: Handle a 429 quota error

A 429 means you are sending requests faster than your tier allows, or you have used up the day's free quota. Wait for the window to reset, slow your request rate, or switch to a paid key with higher limits. Switching from Pro to Flash also helps, since Flash has more generous limits.

Check the project, not just the key
A 403 with PERMISSION_DENIED often means the Generative Language API is not enabled on the key's Google Cloud project. Enable it in the Cloud console, then retry.

Result

With the error type identified, the fix is usually fast: re-export the key, reset Google sign-in from /auth, or wait out a quota window. Once credentials are sorted, the same prompt that failed will run cleanly.

Watch related tutorials

Claude Code - Full Tutorial for Beginners1:42:18
Claude Code - Full Tutorial for Beginners
freeCodeCamp.org
Full Claude Code Tutorial for Non-Technical Beginners in 2026 (step-by-step)28:14
Full Claude Code Tutorial for Non-Technical Beginners in 2026 (step-by-step)
AI LABS
FULL Claude Code Tutorial for Beginners in 2026! (Step-By-Step)41:09
FULL Claude Code Tutorial for Beginners in 2026! (Step-By-Step)
Tech With Tim
Claude Code Tutorial #1 - Introduction & Setup9:47
Claude Code Tutorial #1 - Introduction & Setup
Net Ninja
800+ hours of Learning Claude Code in 8 minutes (2026 tutorial / unknown tricks)8:23
800+ hours of Learning Claude Code in 8 minutes (2026 tutorial / unknown tricks)
AI Jason
FULL Claude Tutorial For Beginners in 2026! (FULL COURSE)52:31
FULL Claude Tutorial For Beginners in 2026! (FULL COURSE)
Skill Leap AI
Tags
#gemini-cli#troubleshooting#auth#api-key#errors
All how-to guides