Auriko sanitizes extensions.{provider} passthrough to prevent credential injection, routing bypass, and billing bypass. Fields are handled in one of two ways:
  • Silent strip + warning — auth keys and core request fields are removed from the request, and a message is added to routing_metadata.warnings[]. The request proceeds.
  • Hard rejection (400) — platform-governed parameters tied to the selected offering’s billing or compliance envelope return 400 invalid_request_error. The request does not proceed.

Authentication keys

Blocked at all nesting depths (recursive). These fields are never accepted in passthrough — setting them produces a warning and the field is stripped before the request reaches the provider.
| Category | Blocked keys |
| --- | --- |
| Standard auth | api_key, apikey, api-key, authorization, auth, bearer, token, access_token, accesstoken, secret, secret_key, secretkey, credential, credentials, password |
| Provider-specific | x-api-key, x-auth-token, anthropic-api-key, openai-api-key, google-api-key |

Matching is case-insensitive. Source of truth: edge-worker/src/routing/security.ts (BLOCKED_AUTH_KEYS).

Core request fields

Blocked at top level only within extensions.{provider}. Nested occurrences (e.g., inside provider-specific containers like generation_config) are not stripped. Setting one at top level produces a warning and the field is stripped before the request reaches the provider.
| Category | Blocked fields |
| --- | --- |
| Routing / billing bypass | model, messages, stream, stream_options, max_tokens, max_completion_tokens, n |
| Capability routing | tools, tool_choice, response_format, parallel_tool_calls |
| Model behavior | temperature, top_p, presence_penalty, frequency_penalty, logit_bias, logprobs, top_logprobs, seed, stop |
| Platform-controlled | user, inference_geo, inferencegeo |
| Provider-specific equivalents | contents, system_instruction, systeminstruction, system |

Matching is case-insensitive and normalizes underscores (so systemInstruction and system_instruction both match). Source of truth: edge-worker/src/routing/security.ts (BLOCKED_CORE_FIELDS).

Platform-governed parameters

Blocked with a hard 400 invalid_request_error. The set is derived from each selected offering’s api_params at request time — it is not a fixed list. Which parameters are platform-governed depends on the offering Auriko picked for your request. Representative examples:
| Provider | Representative platform-governed parameters |
| --- | --- |
| OpenAI | service_tier |
| Anthropic | speed |

To change a platform-governed parameter, select a different offering — specify a different model, or scope which providers Auriko considers via routing.providers / routing.exclude_providers. Different offerings can carry different api_params, so a different offering may ship with the value you want. Source of truth: edge-worker/src/routing/owned-params.ts and edge-worker/src/adapter.ts.

Examples

Silent strip with warning

Request:
{
  "model": "claude-sonnet-4.6",
  "messages": [{"role": "user", "content": "Hello"}],
  "extensions": {
    "anthropic": {
      "api_key": "sk-xxx",
      "model": "claude-opus-4",
      "metadata": { "user_id": "u-123" }
    }
  }
}
Response (abbreviated):
{
  "routing_metadata": {
    "warnings": [
      "extensions.anthropic.api_key blocked (auth key injection prevented)",
      "extensions.anthropic.model blocked (core field override prevented)"
    ]
  }
}
The request proceeded with extensions.anthropic.metadata forwarded to Anthropic.
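
The two silent-strip rules (auth keys at any depth, core fields at top level only) can be checked client-side before a request is sent. The following is an added example, not Auriko's code from security.ts: the name lintExtensions, the reading of underscore normalization as "lowercase, then drop underscores", and the warning path format for nested keys are assumptions. Platform-governed parameters are not covered because their set depends on the offering selected at request time.

```typescript
// Added example, not Auriko's code: predicts which extensions.{provider} keys the
// documented rules would strip. Key lists are copied from the tables on this page.
const AUTH_KEYS = new Set(("api_key apikey api-key authorization auth bearer token access_token " +
  "accesstoken secret secret_key secretkey credential credentials password x-api-key " +
  "x-auth-token anthropic-api-key openai-api-key google-api-key").split(" "));

// Assumption: "normalizes underscores" means lowercase, then drop "_".
const norm = (k: string): string => k.toLowerCase().replace(/_/g, "");
const CORE_FIELDS = new Set(("model messages stream stream_options max_tokens " +
  "max_completion_tokens n tools tool_choice response_format parallel_tool_calls temperature " +
  "top_p presence_penalty frequency_penalty logit_bias logprobs top_logprobs seed stop user " +
  "inference_geo inferencegeo contents system_instruction systeminstruction system")
  .split(" ").map(norm));

type Json = { [key: string]: unknown };
const isObj = (v: unknown): v is Json =>
  typeof v === "object" && v !== null && !Array.isArray(v);

// Returns predicted warnings for one provider block. Only nested objects are walked;
// the page does not say how arrays are treated, so they are left alone here.
function lintExtensions(provider: string, ext: Json): string[] {
  const warnings: string[] = [];
  const walk = (node: Json, path: string, top: boolean): void => {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (AUTH_KEYS.has(key.toLowerCase())) {
        warnings.push(`${here} blocked (auth key injection prevented)`); // any depth
      } else if (top && CORE_FIELDS.has(norm(key))) {
        warnings.push(`${here} blocked (core field override prevented)`); // top level only
      } else if (isObj(value)) {
        walk(value, here, false);
      }
    }
  };
  walk(ext, `extensions.${provider}`, true);
  return warnings;
}

// Constructed sample: the page's Anthropic block plus a nested token and a nested core field.
const sample: Json = {
  api_key: "sk-xxx",
  model: "claude-opus-4",
  metadata: { user_id: "u-123", Access_Token: "t" },
  generation_config: { temperature: 0.2 },
};
const predicted = lintExtensions("anthropic", sample);
```

Here the nested Access_Token is flagged while the nested temperature is not, which is the asymmetry between the two rule sets: a core field placed inside a provider container still reaches the provider.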

Hard rejection (400)

Request (when Auriko routes to an offering whose api_params includes service_tier — e.g., OpenAI flex or priority tiers):
{
  "model": "gpt-4o",
  "messages": [{"role": "user", "content": "Hello"}],
  "extensions": {
    "openai": { "service_tier": "priority" }
  }
}
Response:
{
  "error": {
    "type": "invalid_request_error",
    "message": "The field 'service_tier' cannot be set via extensions. This parameter is managed by the platform based on your selected offering."
  }
}
See Error codes for the full error schema.