BYOK
Bring your own provider API keys
Using your own credentials with an external AI provider allows Infron to authenticate requests on your behalf with no added markup. This approach is useful for using credits provided by the AI provider or executing AI queries that access private cloud data.
Infron supports both Infron credits and the option to bring your own provider keys (BYOK).
Using provider keys enables direct control over rate limits and costs via your provider account. Your provider keys are securely encrypted and used for all requests routed through the specified provider.
If a query using your credentials fails, Infron will retry the query with its system credentials to improve service availability. When you use Infron credits, your rate limits for each provider are managed by Infron.
Integrating credentials like this with AI Gateway is sometimes referred to as Bring-Your-Own-Key, or BYOK.
BYOK on Infron AI is free
Infron AI use your own provider keys and pay only the provider’s standard rates, with no extra platform fees.
Getting started
Retrieve credentials from your AI provider
First, retrieve credentials (the ai provider api keys) from your AI provider. Infron uses these credentials first to authenticate requests to that provider. If a query made with your credentials fails, Infron will re-attempt with system credentials (your infron api key), aiming to provide improved availability.
Add the credentials to your byok configuration
Go to the Bring Your Own Key (BYOK) page in your dashboard.
In the Infron dashboard this feature is found in the Integrations (BYOK) section in the sidebar.
Find your provider from the list and click the add icon.
In the dialog that appears, enter the credentials you retrieved from the provider.
Ensure that the Enabled toggle is turned on so that the credentials are active.
Click Test Connection to validate and add your credentials.
This will execute a small test query using a cheap and fast model from the selected provider to verify the health of your credentials. The test is designed to be minimal and cost-effective while ensuring your authentication is working properly.
Use the credentials in your real-world requests
Once you add credentials, Infron automatically includes them in your requests. You can now use these credentials to authenticate your requests.
curl https://llm.onerouter.pro/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer sk-oQd0Pprww6oBIgE68dJOVJ3bWcACLtLzB2Kb93masMvJ3OCV" \
-d '{
"model": "deepseek/deepseek-v3.2",
"messages": [
{
"role": "user",
"content": "What is the meaning of life?"
}
]
}'
BYOK with Provider Ordering
When you combine BYOK keys with provider ordering, Infron always prioritizes BYOK endpoints first, regardless of where that provider appears in your specified order. After all BYOK endpoints are exhausted, Infron falls back to shared capacity in the order you specified.
This means BYOK keys effectively override your provider ordering for the initial routing attempts. For example, if you have BYOK keys for Amazon Bedrock, Google Vertex AI, and Anthropic, and you send a request with:
{
"provider": {
"allow_fallbacks": true,
"order": ["amazon-bedrock", "google-vertex", "anthropic"]
}
}The routing order will be:
Partial BYOK with Provider Ordering
If you only have a BYOK key for some of the providers in your order, the BYOK provider is still tried first. For example, if you specify
but only have a BYOK key for Google Vertex AI.
The routing order will be:
Note that even though Amazon Bedrock is listed first in the order array, the Google Vertex AI BYOK endpoint takes priority.
AWS Bedrock API Keys
To use Amazon Bedrock with Infron, you can authenticate using either Bedrock API keys or traditional AWS credentials.
Option 1: Bedrock API Keys (Recommended)
Amazon Bedrock API keys provide a simpler authentication method. Simply provide your Bedrock API key as a string:
Note: Bedrock API keys are tied to a specific AWS region and cannot be used to change regions. If you need to use models in different regions, use the AWS credentials option below.
You can generate Bedrock API keys in the AWS Management Console. Learn more in the Amazon Bedrock API keys documentation.
Option 2: AWS Credentials
Alternatively, you can use traditional AWS credentials in JSON format. This option allows you to specify the region and provides more flexibility:
You can find these values in your AWS account:
accessKeyId: This is your AWS Access Key ID. You can create or find your access keys in the AWS Management Console under “Security Credentials” in your AWS account.
secretAccessKey: This is your AWS Secret Access Key, which is provided when you create an access key.
region: The AWS region where your Amazon Bedrock models are deployed (e.g., “us-east-1”, “us-west-2”).
Make sure your AWS IAM user or role has the necessary permissions to access Amazon Bedrock services. At minimum, you’ll need permissions for:
bedrock:InvokeModelbedrock:InvokeModelWithResponseStream(for streaming responses)
Example IAM policy:
For enhanced security, we recommend creating dedicated IAM users with limited permissions specifically for use with Infron.
Learn more in the AWS Bedrock Getting Started with the API documentation, IAM Permissions Setup guide, or the AWS Bedrock API Reference.
Google Vertex API Keys
To use Google Vertex AI with Infron, you’ll need to provide your Google Cloud service account key in JSON format. The service account key should include all standard Google Cloud service account fields, with an optional region field for specifying the deployment region.
You can find these values in your Google Cloud Console:
Service Account Key: Navigate to the Google Cloud Console, go to “IAM & Admin” > “Service Accounts”, select your service account, and create/download a JSON key.
region (optional): Specify the region for your Vertex AI deployment. Use
"global"to allow requests to run in any available region, or specify a specific region like"us-central1"or"europe-west1".
Make sure your service account has the necessary permissions to access Vertex AI services:
aiplatform.endpoints.predictaiplatform.endpoints.streamingPredict(for streaming responses)
Example IAM policy:
Learn more in the Google Cloud Vertex AI documentation and Service Account setup guide.
Last updated