BYOK

Bring your own provider keys while keeping TheRouter.ai routing

BYOK lets you route traffic through your own provider credentials while still using TheRouter.ai's unified API, observability, and policy controls.

How BYOK works

Your provider key is encrypted and scoped to the provider integration.
TheRouter.ai prioritizes your configured BYOK endpoint when routing that provider.
If fallback is enabled, TheRouter.ai can continue with shared capacity after BYOK attempts fail.

Fee structure

BYOK traffic may include a platform fee charged against TheRouter.ai credits, with eligibility thresholds defined in account policy.

Provider ordering interaction

When BYOK is enabled for a provider, that BYOK route is attempted before shared-capacity routes for the same provider family.

provider-ordering.json

{
  "provider": {
    "allow_fallbacks": true,
    "order": ["aws-bedrock", "google-vertex", "anthropic"]
  }
}

Deterministic behavior

If you require strict enforcement that requests never use shared capacity, enable the equivalent of "Always use this key" in provider integration settings.

Credential formats

Azure

{
  "model_slug": "openai/gpt-4o",
  "endpoint_url": "https://<resource>.services.ai.azure.com/deployments/<model-id>/chat/completions?api-version=2024-08-01-preview",
  "api_key": "<AZURE_API_KEY>",
  "model_id": "<AZURE_DEPLOYMENT_NAME>"
}

Debugging BYOK errors

Open request metadata and inspect provider response codes for each routing attempt.

provider-responses.json

{
  "provider_responses": [
    { "provider": "aws-bedrock", "status": 403 },
    { "provider": "google-vertex", "status": 429 },
    { "provider": "anthropic", "status": 200 }
  ]
}

401: key invalid or revoked
403: permission or policy mismatch
429: provider-side rate limit exceeded
500: temporary provider error