Investigating the HTTP 200 unauthorized response issue

Hello LiveKit Support,

We are troubleshooting a connection issue on our LiveKit Cloud project bg-interviews-2-jru6e6g5.livekit.cloud and found what appears to be a server-side issue with the regions endpoint.

Observed behavior
The endpoint below returns HTTP 200 OK with a plain-text body of “unauthorized”:

https://bg-interviews-2-jru6e6g5.livekit.cloud/settings/regions

Expected behavior
We would expect one of the following:

1. HTTP 200 with valid JSON region data for authenticated requests

2. HTTP 401 for unauthenticated or invalid requests

Why this is causing failures
The LiveKit JS SDK’s region handling treats any 200 response as success and then attempts to parse the body as JSON. Because the response body is the string “unauthorized” instead of valid JSON, response.json() throws a parse error. That error is then surfaced by the SDK as ConnectionError.serverUnreachable.

What we have confirmed

• curl https://bg-interviews-2-jru6e6g5.livekit.cloud/settings/regions returns HTTP 200 with body “unauthorized”

• Worker registration succeeds against the same project, so the API key/secret pair appears valid

• The failure is specifically tied to the /settings/regions response format/authorization behavior

Request
Could you please check why this project’s /settings/regions endpoint is returning “unauthorized” with HTTP 200, including for SDK-authenticated requests?

It would help to know:

• whether this endpoint is misconfigured for this specific project

• whether region lookup is enabled/disabled incorrectly on the project

• whether the endpoint is expected to require authentication, and if so, why it is returning 200 instead of 401

If needed, we can also provide SDK logs and token-generation details.

Regards,
Ameh

Hi, what is the actual issue you are facing? It feels like this question about the /settings/regions endpoint is the result of a prior investigation, but I wonder what you were investigating

Hi Darryn, thanks for reaching out.

I was able to fix it. Here is what I did:

1. DNS Resolution Failure
Problem: The LiveKit agent running on the hosting platform could not resolve the LiveKit Cloud hostname. DNS lookups failed inside the Docker container, preventing the agent from connecting.

Fix: Added a DNS override in the startup script that writes a stable nameserver to /etc/resolv.conf before the agent starts.

2. Regions HTTP Request Failure
Problem: After DNS was fixed, the agent worker registered successfully, but when it tried to join a room, the native RTC binary failed to fetch the regions/settings endpoint. The issue was network/TLS related, not authentication related.

Root cause: The slim Docker image lacked required CA certificates and OpenSSL libraries. Node.js worked because it bundled its own CA certificates, while the native binary depended on system-level TLS libraries.

Fix: Installed ca-certificates and openssl in the runtime image.

3. Audio Capture Unavailable
Problem: The agent joined the room and asked questions, but could not hear the candidate. Logs showed repeated audio capture unavailable errors because the candidate microphone track was not properly subscribed.

Root cause:

• The ICE transport configuration forced relay-only behavior without the required TURN setup.

• Auto-subscribe behavior did not handle late-joining participants correctly.

Fix: Removed the custom RTC config and switched to subscribing to all tracks so late-joining participant audio is captured automatically.

I’m glad your issues are fixed

Those sound like quite fundamental issues and AI diagnoses. I strongly recommend you add our MCP server and agent skills to your agent for more reliable advice and generation: Coding agent support and tools | LiveKit Documentation