Quickstart
This page takes you from a running installation to your first governed model call in four steps: connect a provider, register a model alias, mint a virtual key, and make a request. Everything here uses curl against the Admin API; every step can equally be done in the dashboard, and the nav path is noted where it helps.
1. Connect a provider
Register an upstream vendor with its base URL and master API key. The key is encrypted at rest and never leaves the gateway — applications will never see it.
curl -s -u admin:YOUR_ADMIN_PASSWORD \
-X POST https://aam.example.com/admin/providers \
-H "Content-Type: application/json" \
-d '{
"name": "openai",
"baseUrl": "https://api.openai.com/v1",
"apiKey": "sk-your-real-openai-key",
"protocol": "openai"
}'
Any OpenAI-compatible server works the same way — Groq, a local Ollama (http://ollama:11434/v1), vLLM, and so on. For Anthropic, Gemini, or Vertex AI, set protocol accordingly; see Providers & model catalog.
Dashboard: Operate ▸ Catalog ▸ Add provider.
2. Register a deployment (a model alias)
A deployment maps a stable alias — what your applications will ask for — to a provider and the real upstream model. Aliases decouple your apps from vendors: re-point the alias later and no application changes.
curl -s -u admin:YOUR_ADMIN_PASSWORD \
-X POST https://aam.example.com/admin/deployments \
-H "Content-Type: application/json" \
-d '{
"alias": "fast",
"providerName": "openai",
"upstreamModel": "gpt-4o-mini"
}'
Optionally add per-token pricing (inputCostPerToken, outputCostPerToken) so every call gets a currency cost for budgets and reports. Register the same alias on a second provider to load-balance it.
Dashboard: Operate ▸ Catalog ▸ Add deployment.
3. Mint your first virtual key
This is the credential your application will hold instead of a vendor key. The secret is returned once, at issue time; only a SHA-256 hash is stored.
curl -s -u admin:YOUR_ADMIN_PASSWORD \
-X POST https://aam.example.com/admin/keys \
-H "Content-Type: application/json" \
-d '{"alias": "my-first-app"}'
Response:
{
"id": "8b6f2f2e-4a1c-4b6e-9f0a-2d7c1e5a9b3d",
"token": "sk-aBcDeF...",
"alias": "my-first-app",
"hint": "sk-…b3d"
}
Copy the token now — it is never shown again. Keys can carry a team, a project, and a TTL; see Virtual keys.
Dashboard: Operate ▸ Virtual keys ▸ Issue key.
4. Make your first request
Call the OpenAI-compatible data plane with the virtual key as the bearer token and the alias as the model:
curl -s https://aam.example.com/v1/chat/completions \
-H "Authorization: Bearer sk-PASTE-YOUR-VIRTUAL-KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "fast",
"messages": [{"role": "user", "content": "Say hello from behind the gateway."}]
}'
Or with the OpenAI Python SDK — only the base URL and key change:
from openai import OpenAI
client = OpenAI(
base_url="https://aam.example.com/v1",
api_key="sk-PASTE-YOUR-VIRTUAL-KEY",
)
reply = client.chat.completions.create(
model="fast",
messages=[{"role": "user", "content": "Say hello from behind the gateway."}],
)
print(reply.choices[0].message.content)
Add "stream": true (and -N to curl) to watch tokens arrive as Server-Sent Events.
5. See the governance you just got
Open Govern ▸ Audit & usage in the dashboard. Your request is already there: the key that made it, the provider and model that served it, token counts, cost (if you set pricing), latency, and outcome. Nothing extra to configure.
Next steps
- Onboard a team — organizations, teams, invitations, and scoped keys.
- Budgets & rate limits — cap spend and throttle traffic before onboarding real workloads.
- Guardrails — stop PII and secrets from leaking through prompts and replies.
- Integrations — point OpenAI, Anthropic, and LangChain clients at the gateway.