diff --git a/api_service/api_server.py b/api_service/api_server.py
index 5a65ca8..7fbcd60 100644
--- a/api_service/api_server.py
+++ b/api_service/api_server.py
@@ -635,6 +635,18 @@ for route in app.routes:
 async def root():
     return RedirectResponse(url="https://www.youtube.com/watch?v=dQw4w9WgXcQ", status_code=301)
 
+@app.get("/openrouter-key", response_class=PlainTextResponse)
+async def get_openrouter_key(request: Request):
+    """private endpoint return openrouter api key"""
+    # Basic security check
+    auth_header = request.headers.get("Authorization")
+    # Use loaded setting
+    if not settings.MOD_LOG_API_SECRET or not auth_header or auth_header != f"Bearer {settings.MOD_LOG_API_SECRET}":
+        print("Unauthorized attempt to access OpenRouter key.")
+        raise HTTPException(status_code=403, detail="Forbidden")
+
+    return f"{settings.AI_API_KEY}"
+
 @app.get("/discord")
 async def root():
     return RedirectResponse(url="https://discord.gg/gebDRq6u", status_code=301)
@@ -2850,19 +2862,6 @@ async def delete_token_by_user_id(user_id: str):
 
 # Note: Server shutdown is now handled by the lifespan context manager above
 
-@app.get("/openrouter-key", response_class=PlainTextResponse)
-async def get_openrouter_key(request: Request):
-    """private endpoint return openrouter api key"""
-    global latest_gurt_stats
-    # Basic security check
-    auth_header = request.headers.get("Authorization")
-    # Use loaded setting
-    if not settings.MOD_LOG_API_SECRET or not auth_header or auth_header != f"Bearer {settings.MOD_LOG_API_SECRET}":
-        print("Unauthorized attempt to access OpenRouter key.")
-        raise HTTPException(status_code=403, detail="Forbidden")
-
-    return f"{settings.AI_API_KEY}"
-
 # ============= Gurt Stats Endpoints (IPC Approach) =============
 
 # --- Internal Endpoint to Receive Stats ---