diff --git a/app/api/endpoints/recipes.py b/app/api/endpoints/recipes.py
index d74cbe8..fedeabd 100644
--- a/app/api/endpoints/recipes.py
+++ b/app/api/endpoints/recipes.py
@@ -21,19 +21,20 @@ async def suggest_recipes(
     session: CloudUser = Depends(get_session),
     store: Store = Depends(get_store),
 ) -> RecipeResult:
+    # Inject session-authoritative tier/byok immediately — client-supplied values are ignored.
+    req = req.model_copy(update={"tier": session.tier, "has_byok": session.has_byok})
     if req.level == 4 and not req.wildcard_confirmed:
         raise HTTPException(
             status_code=400,
             detail="Level 4 (Wildcard) requires wildcard_confirmed=true.",
         )
-    if req.level in (3, 4) and not can_use("recipe_suggestions", session.tier, session.has_byok):
+    if req.level in (3, 4) and not can_use("recipe_suggestions", req.tier, req.has_byok):
         raise HTTPException(
             status_code=403,
             detail="LLM recipe levels require Paid tier or a configured LLM backend.",
         )
-    if req.style_id and not can_use("style_picker", session.tier):
+    if req.style_id and not can_use("style_picker", req.tier):
         raise HTTPException(status_code=403, detail="Style picker requires Paid tier.")
-    req = req.model_copy(update={"tier": session.tier, "has_byok": session.has_byok})
     engine = RecipeEngine(store)
     return await asyncio.to_thread(engine.suggest, req)
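Review bot: Moving the `model_copy` overwrite to the top of the body is the right place for it, but the authorization decision in the two `can_use` checks now rests entirely on that single line staying first: the request model evidently still declares `tier` and `has_byok` as client-settable fields (otherwise the overwrite would be unnecessary), so any later refactor that reorders or drops the overwrite silently turns them back into client-controlled authz inputs. Consider removing these two fields from the inbound request schema altogether and carrying the session-derived values in a separate internal model or as explicit arguments to `RecipeEngine.suggest`, so a privilege-relevant value cannot be supplied by the caller in the first place. Whichever shape is chosen, add a regression test that posts a body with a paid `tier`/`has_byok=true` under a free-tier session and asserts the 403 from the `recipe_suggestions` and `style_picker` branches. The enclosing `suggest_recipes` signature starts before this hunk.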