diff --git a/app/api/auth.ts b/app/api/auth.ts
index c1f6e7fdec2..b41e34e059b 100644
--- a/app/api/auth.ts
+++ b/app/api/auth.ts
@@ -46,6 +46,13 @@ export function auth(req: NextRequest) {
     };
   }
 
+  if (serverConfig.hideUserApiKey && !!apiKey) {
+    return {
+      error: true,
+      msg: "you are not allowed to access openai with your own api key",
+    };
+  }
+
   // if user does not provide an api key, inject system api key
   if (!apiKey) {
     const serverApiKey = serverConfig.isAzure