Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.auriko.ai/llms.txt

Use this file to discover all available pages before exploring further.

Bring Your Own Key (BYOK) lets you use your own provider API keys instead of Auriko’s shared pool. You control the key, the billing relationship, and any provider-specific quotas.

Route with BYOK

To restrict a request to your own keys, set gateway.routing.only_byok: 
import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["AURIKO_API_KEY"],
    base_url="https://api.auriko.ai/v1",
)

response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello!"}],
    extra_body={"gateway": {"routing": {"only_byok": True}}},
)
See Routing options for the full constraint API.

Understand routing behavior

Auriko prefers your BYOK key when one exists for the requested provider. You get direct billing control and your provider tier applies. Auriko falls back to platform keys in two cases:
  1. Rate-limited: your BYOK key is rate-limited and the platform key has capacity.
  2. Unavailable: your BYOK key is unavailable at request time and a platform key exists.
Override the default with routing constraints:
  • only_byok: true — use only your BYOK key and fail the request if unavailable.
  • only_platform: true — ignore BYOK keys entirely.
BYOK requests count toward a monthly cap that scales with your plan. See Plans and billing for caps by tier.

Set up BYOK keys

Manage your provider keys in the Auriko Dashboard.
  1. Go to Settings > Provider Keys in the dashboard.
  2. Click Add Provider Key.
  3. Select the provider and paste your API key.
  4. Auriko validates the key before saving.

List supported providers

GET /v1/registry/providers returns the current list of supported providers. The endpoint is public and doesn’t require authentication:
cURL
curl https://api.auriko.ai/v1/registry/providers
See the List Available Providers reference for the full response schema.

Detect provider tier

Auriko detects your provider account tier on first use. The detected tier affects rate limits and routing decisions. You can override detection in the dashboard:
  • Enterprise flag — mark a key as enterprise tier for higher limits.
  • Manual tier — select a specific tier for providers that require it (e.g., Google AI Studio).
Once you set a tier manually, Auriko stops detecting that key’s tier.

Secure your keys

Auriko encrypts your provider keys and isolates them per workspace.
  • Encrypted at rest: authenticated encryption with per-workspace key isolation.
  • Masked in responses: API responses show only a short prefix of each key.
  • Decrypted at request time only: Auriko decrypts your key when calling the provider, then discards it.
  • Never logged: Auriko never logs or persists decrypted keys.

Control data handling

BYOK keys inherit the workspace data policy. Options: none, no_training, and zdr (zero data retention). A per-request data_policy overrides the workspace default. Providers that don’t meet the required level aren’t available for routing. See Advanced routing for more on data policies.