diff --git a/gadget-code/src/models/ai-provider.ts b/gadget-code/src/models/ai-provider.ts
index 59cfa49..42dc9c0 100644
--- a/gadget-code/src/models/ai-provider.ts
+++ b/gadget-code/src/models/ai-provider.ts
@@ -63,7 +63,7 @@ export const AiProviderSchema = new Schema<IAiProvider>({
   name: { type: String, required: true },
   apiType: { type: String, enum: ["ollama", "openai"], required: true },
   baseUrl: { type: String, required: true },
-  apiKey: { type: String, required: false, select: false, default: "" },
+  apiKey: { type: String, required: false, default: "" },
   enabled: { type: Boolean, default: true, required: true },
   models: { type: [AiModelSchema], default: [], required: true },
   lastModelRefresh: { type: Date, default: Date.now },
diff --git a/gadget-code/src/services/chat-session.ts b/gadget-code/src/services/chat-session.ts
index 2ffa3bc..37db14f 100644
--- a/gadget-code/src/services/chat-session.ts
+++ b/gadget-code/src/services/chat-session.ts
@@ -59,7 +59,7 @@ class ChatSessionService extends DtpService {
         },
       ],
     },
-    { path: "provider" },
+    { path: "provider", select: "+apiKey" },
   ];
   public populateChatTurn: PopulateOptions[] = [
     {
@@ -153,7 +153,7 @@ class ChatSessionService extends DtpService {
     const session = await ChatSession.findById(chatSessionId)
       .populate("user", "-passwordSalt -password")
       .populate("project")
-      .populate("provider")
+      .populate("provider", "+apiKey")
       .lean();
 
     if (!session) {
@@ -170,7 +170,7 @@ class ChatSessionService extends DtpService {
     const sessions = await ChatSession.find({ project: projectId })
       .populate("user", "-passwordSalt -password")
       .populate("project")
-      .populate("provider")
+      .populate("provider", "+apiKey")
       .sort({ createdAt: -1 })
       .lean();
 
@@ -184,7 +184,7 @@ class ChatSessionService extends DtpService {
     const sessions = await ChatSession.find({ user: userId })
       .populate("user", "-passwordSalt -password")
       .populate("project")
-      .populate("provider")
+      .populate("provider", "+apiKey")
       .sort({ createdAt: -1 })
       .lean();
 
@@ -395,6 +395,14 @@ class ChatSessionService extends DtpService {
     const dbProvider: IAiProvider = session.provider as IAiProvider;
     const provider: IAiApiProvider = this.mapDbProviderToConfig(dbProvider);
 
+    if (!provider.apiKey) {
+      const error = new Error(
+        `Provider "${provider.name}" (${provider._id}) has no apiKey configured`,
+      );
+      error.statusCode = 400;
+      throw error;
+    }
+
     this.log.info("calling provider to generate chat session title", {
       provider: {
         _id: provider._id,
diff --git a/gadget-code/src/services/session.ts b/gadget-code/src/services/session.ts
index 3153806..8b31073 100644
--- a/gadget-code/src/services/session.ts
+++ b/gadget-code/src/services/session.ts
@@ -104,10 +104,10 @@ class SessionService extends DtpService {
       const user = await UserService.getById(userId);
       return user;
     } catch (cause) {
-      this.log.error("failed to verify JSON Web Token", {
-        token,
-        error: cause,
-      });
+      // this.log.error("failed to verify JSON Web Token", {
+      //   token,
+      //   error: cause,
+      // });
       const error = new Error("Invalid JSON Web Token", { cause });
       error.name = "TokenVerifyError";
       error.statusCode = 401;