Quickstart

Quickstart

This page takes you from a running installation to your first governed model call in four steps: connect a provider, register a model alias, mint a virtual key, and make a request. Everything here uses curl against the Admin API; every step can equally be done in the dashboard, and the nav path is noted where it helps.

1. Connect a provider

Register an upstream vendor with its base URL and master API key. The key is encrypted at rest and never leaves the gateway — applications will never see it.

Command
curl -s -u admin:YOUR_ADMIN_PASSWORD \
  -X POST https://aam.example.com/admin/providers \
  -H "Content-Type: application/json" \
  -d '{
    "name": "openai",
    "baseUrl": "https://api.openai.com/v1",
    "apiKey": "sk-your-real-openai-key",
    "protocol": "openai"
  }'

Any OpenAI-compatible server works the same way — Groq, a local Ollama (http://ollama:11434/v1), vLLM, and so on. For Anthropic, Gemini, or Vertex AI, set protocol accordingly; see Providers & model catalog.

Dashboard: Operate ▸ Catalog ▸ Add provider.

2. Register a deployment (a model alias)

A deployment maps a stable alias — what your applications will ask for — to a provider and the real upstream model. Aliases decouple your apps from vendors: re-point the alias later and no application changes.

Command
curl -s -u admin:YOUR_ADMIN_PASSWORD \
  -X POST https://aam.example.com/admin/deployments \
  -H "Content-Type: application/json" \
  -d '{
    "alias": "fast",
    "providerName": "openai",
    "upstreamModel": "gpt-4o-mini"
  }'

Optionally add per-token pricing (inputCostPerToken, outputCostPerToken) so every call gets a currency cost for budgets and reports. Register the same alias on a second provider to load-balance it.

Dashboard: Operate ▸ Catalog ▸ Add deployment.

3. Mint your first virtual key

This is the credential your application will hold instead of a vendor key. The secret is returned once, at issue time; only a SHA-256 hash is stored.

Command
curl -s -u admin:YOUR_ADMIN_PASSWORD \
  -X POST https://aam.example.com/admin/keys \
  -H "Content-Type: application/json" \
  -d '{"alias": "my-first-app"}'

Response:

JSON
{
  "id": "8b6f2f2e-4a1c-4b6e-9f0a-2d7c1e5a9b3d",
  "token": "sk-aBcDeF...",
  "alias": "my-first-app",
  "hint": "sk-…b3d"
}

Copy the token now — it is never shown again. Keys can carry a team, a project, and a TTL; see Virtual keys.

Dashboard: Operate ▸ Virtual keys ▸ Issue key.

4. Make your first request

Call the OpenAI-compatible data plane with the virtual key as the bearer token and the alias as the model:

Command
curl -s https://aam.example.com/v1/chat/completions \
  -H "Authorization: Bearer sk-PASTE-YOUR-VIRTUAL-KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "fast",
    "messages": [{"role": "user", "content": "Say hello from behind the gateway."}]
  }'

Or with the OpenAI Python SDK — only the base URL and key change:

Python
from openai import OpenAI

client = OpenAI(
    base_url="https://aam.example.com/v1",
    api_key="sk-PASTE-YOUR-VIRTUAL-KEY",
)

reply = client.chat.completions.create(
    model="fast",
    messages=[{"role": "user", "content": "Say hello from behind the gateway."}],
)
print(reply.choices[0].message.content)

Add "stream": true (and -N to curl) to watch tokens arrive as Server-Sent Events.

5. See the governance you just got

Open Govern ▸ Audit & usage in the dashboard. Your request is already there: the key that made it, the provider and model that served it, token counts, cost (if you set pricing), latency, and outcome. Nothing extra to configure.

Next steps

  • Onboard a team — organizations, teams, invitations, and scoped keys.
  • Budgets & rate limits — cap spend and throttle traffic before onboarding real workloads.
  • Guardrails — stop PII and secrets from leaking through prompts and replies.
  • Integrations — point OpenAI, Anthropic, and LangChain clients at the gateway.