diff --git a/src/services/apiKeyService.js b/src/services/apiKeyService.js
index 771f973b..1d9c8d81 100644
--- a/src/services/apiKeyService.js
+++ b/src/services/apiKeyService.js
@@ -65,6 +65,13 @@ function normalizePermissions(permissions) {
     if (permissions === 'all') {
       return []
     }
+    // 兼容逗号分隔格式（修复历史错误数据，如 "claude,openai"）
+    if (permissions.includes(',')) {
+      return permissions
+        .split(',')
+        .map((p) => p.trim())
+        .filter(Boolean)
+    }
     // 旧单个字符串转为数组
     return [permissions]
   }
@@ -753,6 +760,9 @@ class ApiKeyService {
           if (field === 'restrictedModels' || field === 'allowedClients' || field === 'tags') {
             // 特殊处理数组字段
             updatedData[field] = JSON.stringify(value || [])
+          } else if (field === 'permissions') {
+            // 权限字段：规范化后JSON序列化，与createApiKey保持一致
+            updatedData[field] = JSON.stringify(normalizePermissions(value))
           } else if (
             field === 'enableModelRestriction' ||
             field === 'enableClientRestriction' ||
diff --git a/web/admin-spa/src/components/apikeys/EditApiKeyModal.vue b/web/admin-spa/src/components/apikeys/EditApiKeyModal.vue
index 0b68528b..5cb7cea7 100644
--- a/web/admin-spa/src/components/apikeys/EditApiKeyModal.vue
+++ b/web/admin-spa/src/components/apikeys/EditApiKeyModal.vue
@@ -1246,6 +1246,12 @@ onMounted(async () => {
       } catch {
         perms = VALID_PERMS.includes(perms) ? [perms] : []
       }
+    } else if (perms.includes(',')) {
+      // 兼容逗号分隔格式（如 "claude,openai"）
+      perms = perms
+        .split(',')
+        .map((p) => p.trim())
+        .filter((p) => VALID_PERMS.includes(p))
     } else if (VALID_PERMS.includes(perms)) {
       perms = [perms]
     } else {