diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
index 70475a7f7b..b23fe28409 100644
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -1272,9 +1272,13 @@ app.add_middleware(SecurityHeadersMiddleware)
 class APIKeyRestrictionMiddleware(BaseHTTPMiddleware):
     async def dispatch(self, request: Request, call_next):
         auth_header = request.headers.get("Authorization")
+        token = None
+
+        if auth_header:
+            scheme, token = auth_header.split(" ")
 
         # Only apply restrictions if an sk- API key is used
-        if auth_header and auth_header.startswith("sk-"):
+        if token and token.startswith("sk-"):
             # Check if restrictions are enabled
             if request.app.state.config.ENABLE_API_KEY_ENDPOINT_RESTRICTIONS:
                 allowed_paths = [
@@ -1294,9 +1298,11 @@ class APIKeyRestrictionMiddleware(BaseHTTPMiddleware):
                 )
 
                 if not is_allowed:
-                    raise HTTPException(
+                    return JSONResponse(
                         status_code=status.HTTP_403_FORBIDDEN,
-                        detail="API key not allowed to access this endpoint.",
+                        content={
+                            "detail": "API key not allowed to access this endpoint."
+                        },
                     )
 
         response = await call_next(request)
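Review bot: The unpacking `scheme, token = auth_header.split(" ")` raises ValueError for any Authorization value that is not exactly two space-separated parts — a bare token with no scheme (the form the removed `auth_header.startswith("sk-")` check accepted), a scheme with no credential, or a value containing a second space — and because this runs in middleware the caller gets a 500 instead of a clean 401/403. A tolerant parse such as `scheme, _, token = auth_header.partition(" ")` keeps `token` empty (and the restriction skipped, as before) for malformed headers rather than crashing. `scheme` is assigned but never checked; if the authenticating code only honours a `Bearer` scheme, presumably this guard should mirror that (`scheme.lower() == "bearer"`) so the two parsers agree on what counts as an sk- key, otherwise the restriction applies to a superset of what authenticates. The body of `dispatch` continues outside the hunk.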
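Review bot: The switch from `raise HTTPException(...)` to `return JSONResponse(...)` in the `if not is_allowed:` branch has no comment explaining why a response is constructed by hand here when the rest of the app raises, and a future maintainer is likely to "clean it up" back into a raise. Presumably the reason is that an exception raised inside `BaseHTTPMiddleware.dispatch` is not routed through the app's HTTPException handlers and surfaces as a 500; if so, a one-line comment on the `return JSONResponse(` line such as `# return rather than raise: exceptions from middleware dispatch bypass the app's HTTPException handlers` would record the constraint. The rest of `dispatch`, including the eventual `return response`, lies outside the hunk.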