Open WebUI can act as an API gateway for models already connected to its web interface. Calling the chat endpoint directly lets automations, bots, and internal tools reuse the same model routing and access controls without opening a browser.
The chat completion route is POST /api/chat/completions, and it accepts an OpenAI-style messages array plus a model ID from Open WebUI. Authentication uses a bearer credential. A user API key is the normal choice for scripts, while the web interface also uses JWT tokens against the same backend routes.
Start with a key generated by an account that can use the selected model. Endpoint restrictions, reverse proxies, or missing provider models usually show up as 401, 403, or validation errors before any assistant response is returned.
$ export OPEN_WEBUI_URL="https://openwebui.example.com"
$ read -r -s OPEN_WEBUI_API_KEY
Treat the API key like a password. Use a secret manager or a protected environment variable for saved scripts, and avoid committing keys to repositories, logs, tickets, or screenshots.
$ curl --fail-with-body --silent --show-error "$OPEN_WEBUI_URL/api/models" \ -H "Authorization: Bearer $OPEN_WEBUI_API_KEY" {"data":[{"id":"company-chat","name":"company-chat","object":"model"}]}
Use the exact id value from the response in the chat request. If endpoint restrictions are enabled for API keys, allow both /api/models and /api/chat/completions for this check.
$ cat > openwebui-chat.json <<'JSON' { "model": "company-chat", "messages": [ {"role": "user", "content": "Reply with one sentence that confirms the Open WebUI API works."} ], "stream": false } JSON
$ curl --fail-with-body --silent --show-error "$OPEN_WEBUI_URL/api/chat/completions" \ -H "Authorization: Bearer $OPEN_WEBUI_API_KEY" \ -H "Content-Type: application/json" \ --data @openwebui-chat.json {"id":"chatcmpl-openwebui-api","object":"chat.completion","model":"company-chat","choices":[{"index":0,"message":{"role":"assistant","content":"Open WebUI API is reachable through the configured model."},"finish_reason":"stop"}]}
The response should include object, model, and at least one choices[].message.content value. A 401 or 403 response usually points to the bearer key, user permissions, endpoint restrictions, or a proxy that does not forward the Authorization header.
$ rm openwebui-chat.json