Authentication

All /v1/* endpoints require authentication. ARouter supports three methods so that every major LLM SDK works out of the box.

Auth Methods

Bearer Token
X-Api-Key Header
Query Parameter

Used by the OpenAI SDK, DeepSeek SDK, Mistral SDK, and most OpenAI-compatible clients.

Authorization: Bearer lr_live_xxxx

from openai import OpenAI

client = OpenAI(
    base_url="https://api.arouter.com/v1",
    api_key="lr_live_xxxx",  # sent as Bearer token
)

Used by the Anthropic SDK.

X-Api-Key: lr_live_xxxx

import anthropic

client = anthropic.Anthropic(
    base_url="https://api.arouter.com",
    api_key="lr_live_xxxx",  # sent as X-Api-Key
)

Used by the Google Gemini SDK.

GET /v1beta/models?key=lr_live_xxxx

import google.generativeai as genai

genai.configure(
    api_key="lr_live_xxxx",  # sent as ?key= param
    transport="rest",
    client_options={"api_endpoint": "https://api.arouter.com"},
)

All three methods use the same ARouter API key. The gateway automatically detects which method is being used and extracts the key accordingly.

Key Types

Key Type	Format	Description
Management Key	`lr_mgmt_xxxx`	Create and manage API keys via the management API.
API Key	`lr_live_xxxx`	Make LLM requests. Can have provider/model restrictions and spending limits.

Management keys create API keys that can only narrow permissions — never expand beyond the tenant’s scope. See the Key Management Guide for details.

Error Responses

When authentication fails, you’ll receive one of these responses:

// Missing or malformed key
{
  "error": {
    "message": "missing or invalid Authorization header",
    "type": "authentication_error"
  }
}

// Invalid key
{
  "error": {
    "message": "invalid api key",
    "type": "authentication_error"
  }
}

Both return HTTP 401 Unauthorized.

Get Started

Core Concepts

SDKs

Guides

Auth Methods

Key Types

Error Responses

Get Started

Core Concepts

SDKs

Guides

​Auth Methods

​Key Types

​Error Responses

Auth Methods

Key Types

Error Responses