diff --git a/backend/app/gateway/routers/third_party.py b/backend/app/gateway/routers/third_party.py
index 3bda4d7e..600c1d68 100644
--- a/backend/app/gateway/routers/third_party.py
+++ b/backend/app/gateway/routers/third_party.py
@@ -161,6 +161,14 @@ async def _handle_submit(
         await _finalize_zero(frozen_id, record.proxy_call_id, "error exception")
         raise HTTPException(status_code=502, detail=f"Provider unreachable: {exc}") from exc
 
+    # HTTP-level failure
+    if status_code >= 400:
+        reason = f"error_http_{status_code}"
+        await _finalize_zero(frozen_id, record.proxy_call_id, reason)
+        if resp_json is not None:
+            ledger.update_response(record.proxy_call_id, resp_json)
+        return Response(content=resp_body, status_code=status_code, headers=resp_headers, media_type="application/json")
+    
     resp_json = _try_parse_json(resp_body)
 
     if resp_json is None:
@@ -189,14 +197,6 @@ async def _handle_submit(
         media_type = resp_headers.get("content-type")
         return Response(content=resp_body, status_code=status_code, headers=resp_headers, media_type=media_type)
 
-    # HTTP-level failure
-    if status_code >= 400:
-        reason = f"error_http_{status_code}"
-        await _finalize_zero(frozen_id, record.proxy_call_id, reason)
-        if resp_json is not None:
-            ledger.update_response(record.proxy_call_id, resp_json)
-        return Response(content=resp_body, status_code=status_code, headers=resp_headers, media_type="application/json")
-
     # Extract task_id from response; no task_id means provider rejected at business level
     provider_task_id: str | None = None
     if resp_json is not None:
diff --git a/backend/app/gateway/third_party_proxy/proxy.py b/backend/app/gateway/third_party_proxy/proxy.py
index 573e9751..0d6531bb 100644
--- a/backend/app/gateway/third_party_proxy/proxy.py
+++ b/backend/app/gateway/third_party_proxy/proxy.py
@@ -215,15 +215,14 @@ async def forward_request(
 ) -> tuple[int, dict[str, str], bytes]:
     """Forward *method* *path* to the provider and return (status_code, headers, body).
 
-    The provider's API key (read from the environment variable named in
-    ``provider_config.api_key_env``) is injected automatically, replacing
-    any Authorization header the caller might have sent.
+    If configured, the provider API key from ``provider_config.api_key_env``
+    is used to replace API key marker placeholders in forwarded headers/body.
     """
     target_url = provider_config.base_url.rstrip("/") + "/" + path.lstrip("/")
     if query_params:
         target_url += "?" + query_params
 
-    # Build forwarded headers: drop internal/hop-by-hop, then inject API key
+    # Build forwarded headers: drop internal/hop-by-hop, then replace API key markers.
     forward_headers = {
         k: v for k, v in headers.items() if k.lower() not in _STRIP_REQUEST_HEADERS
     }
@@ -233,7 +232,6 @@ async def forward_request(
             # Dependency-injection style: replace marker placeholders first.
             forward_headers = _replace_api_key_marker_in_headers(forward_headers, api_key)
             body = _replace_api_key_marker_in_body(forward_headers, body, api_key)
-            forward_headers[provider_config.api_key_header] = provider_config.api_key_prefix + api_key
         else:
             logger.warning(
                 "[ThirdPartyProxy] api_key_env '%s' is not set for provider",
diff --git a/backend/packages/harness/deerflow/config/third_party_proxy_config.py b/backend/packages/harness/deerflow/config/third_party_proxy_config.py
index 890c2036..f921dbf4 100644
--- a/backend/packages/harness/deerflow/config/third_party_proxy_config.py
+++ b/backend/packages/harness/deerflow/config/third_party_proxy_config.py
@@ -79,14 +79,6 @@ class ThirdPartyProviderConfig(BaseModel):
         default=None,
         description="Name of the environment variable holding the API key",
     )
-    api_key_header: str = Field(
-        default="Authorization",
-        description="Request header name for the API key",
-    )
-    api_key_prefix: str = Field(
-        default="Bearer ",
-        description="String prepended to the API key value in the header",
-    )
     timeout_seconds: float = Field(
         default=30.0,
         gt=0,
diff --git a/config.example.yaml b/config.example.yaml
index 0e912161..be3cb7df 100644
--- a/config.example.yaml
+++ b/config.example.yaml
@@ -61,8 +61,6 @@ third_party_proxy:
     runninghub:
       base_url: https://www.runninghub.cn
       api_key_env: RUNNINGHUB_API_KEY
-      api_key_header: Authorization
-      api_key_prefix: "Bearer "
       timeout_seconds: 30.0
       frozen_amount: 10.0
       frozen_type: 2
@@ -102,8 +100,6 @@ third_party_proxy:
     dashscope:
       base_url: https://dashscope.aliyuncs.com
       api_key_env: DASHSCOPE_API_KEY
-      api_key_header: Authorization
-      api_key_prefix: "Bearer "
       timeout_seconds: 60.0
       frozen_token: 32768
       submit_routes:
diff --git a/docs/SKILL_PROXY_MIGRATION_GUIDE.md b/docs/SKILL_PROXY_MIGRATION_GUIDE.md
index bcfa3636..046b9150 100644
--- a/docs/SKILL_PROXY_MIGRATION_GUIDE.md
+++ b/docs/SKILL_PROXY_MIGRATION_GUIDE.md
@@ -122,8 +122,6 @@ third_party_proxy:
     runninghub:
       base_url: https://www.runninghub.cn
       api_key_env: RUNNINGHUB_API_KEY
-      api_key_header: Authorization
-      api_key_prefix: "Bearer "
       timeout_seconds: 30.0
       frozen_amount: 10.0
       frozen_type: 2