diff --git a/api/controllers/console/workspace/providers.py b/api/controllers/console/workspace/providers.py
index 067946862c..dc9e9c45f1 100644
--- a/api/controllers/console/workspace/providers.py
+++ b/api/controllers/console/workspace/providers.py
@@ -92,19 +92,23 @@ class ProviderTokenApi(Resource):
                 token_is_valid = True
             except ValidateFailedError:
                 token_is_valid = False
+
+            base64_encrypted_token = ProviderService.get_encrypted_token(
+                tenant=current_user.current_tenant,
+                provider_name=ProviderName(provider),
+                configs=args['token']
+            )
         else:
+            base64_encrypted_token = None
             token_is_valid = False
 
         tenant = current_user.current_tenant
 
-        base64_encrypted_token = ProviderService.get_encrypted_token(
-            tenant=current_user.current_tenant,
-            provider_name=ProviderName(provider),
-            configs=args['token']
-        )
-
-        provider_model = Provider.query.filter_by(tenant_id=tenant.id, provider_name=provider,
-                                                  provider_type=ProviderType.CUSTOM.value).first()
+        provider_model = db.session.query(Provider).filter(
+                Provider.tenant_id == tenant.id,
+                Provider.provider_name == provider,
+                Provider.provider_type == ProviderType.CUSTOM.value
+            ).first()
 
         # Only allow updating token for CUSTOM provider type
         if provider_model:
@@ -117,6 +121,16 @@ class ProviderTokenApi(Resource):
                                       is_valid=token_is_valid)
             db.session.add(provider_model)
 
+        if provider_model.is_valid:
+            other_providers = db.session.query(Provider).filter(
+                Provider.tenant_id == tenant.id,
+                Provider.provider_name != provider,
+                Provider.provider_type == ProviderType.CUSTOM.value
+            ).all()
+
+            for other_provider in other_providers:
+                other_provider.is_valid = False
+
         db.session.commit()
 
         if provider in [ProviderName.ANTHROPIC.value, ProviderName.AZURE_OPENAI.value, ProviderName.COHERE.value,
diff --git a/api/core/llm/provider/base.py b/api/core/llm/provider/base.py
index 2865489b95..71bb32dca6 100644
--- a/api/core/llm/provider/base.py
+++ b/api/core/llm/provider/base.py
@@ -92,7 +92,7 @@ class BaseProvider(ABC):
         try:
             config = self.get_provider_api_key()
         except:
-            config = 'THIS-IS-A-MOCK-TOKEN'
+            config = ''
 
         if obfuscated:
             return self.obfuscated_token(config)