LLM Gateway
Turn on governance for your LLM calls in 5 minutes. Works with OpenAI, Anthropic, Google Gemini, Groq, Mistral, Cohere, and 54 more providers out of the box.Quickstart
1. Get an Igris API key
Sign up at app.igrisecurity.com/signup, then create a new API key under Settings → API Keys. Your key starts withig_.
2. Create a connection for your LLM provider
Connections are encrypted credential vaults. They bind your upstream provider API key to an Igris slug you can reference from code without ever exposing the real key.- Go to Connections in the dashboard
- Click New Connection
- Select type LLM
- Pick your provider — e.g. OpenAI
- Paste your provider API key
- Optionally restrict to specific models (e.g.
gpt-4o,gpt-4o-mini) - Save and note the slug (e.g.
openai-prod)
3. Make your first call
The model field uses@slug/model syntax. Igris resolves the slug, injects credentials, enforces
policies, and logs everything — before forwarding to the upstream provider.
4. See it in the audit trail
Back in the dashboard, open LLM → Audit Trail. You’ll see your call with:- Provider + model used
- Input and output token counts
- Cost in USD (calculated server-side)
- End-to-end latency
- User identity passed via
userfield - Policy action (allowed / denied / alerted)
Streaming
Passstream: true to get an AsyncIterable of SSE chunks. The gateway uses minimal SSE-parse
buffering to extract usage data — no extra round-trips are added.
Passing metadata for policy conditions
Theuser field and arbitrary metadata can be passed via extra request headers. The SDK’s
connectLlm() method is the cleanest way to attach per-request context:
Endpoint and protocol
The gateway is OpenAI-compatible. All requests target:Concepts
Connections
A connection is an encrypted credential vault that maps an Igris slug to an upstream provider API key. Your application code never holds the real provider key — it only knows the slug (e.g.openai-prod). The gateway resolves the slug at request time, injects the real credential,
and forwards to the upstream provider.
Connections can be scoped to a specific organization, restricted to a subset of models, enabled or
disabled without a code change, and rotated by updating the vault entry in the dashboard. A single
slug can be reused across as many callers as you like — policy rules target the slug.
See Connections for CRUD operations via the API.
Providers
A provider is a registered upstream LLM service — OpenAI, Anthropic, Groq, Mistral, and 56 more — 60 in total. Each provider registration captures:- Slug — the identifier used in connection creation and model routing (e.g.
openai,anthropic) - Base URL — where the gateway forwards requests
- Auth style —
bearer,x-api-key, orquery-param - Supported endpoints — which of
chat.completions,embeddings,images.generate,audio.transcriptions,audio.speech, orpassthroughthis provider supports
baseUrl: null (Ollama, HuggingFace, Triton, Modal, openai-compatible) require a
customBaseUrl to be set on the connection for self-hosted deployments.
See the full Provider Catalog.
Policies
A policy is an ordered list ofPolicyRule objects attached to an organization or connection.
Rules are evaluated in order — first match wins.
Each rule has four main parts:
Target
What the rule matches. Three discriminated union variants:Action
What happens when the rule matches:"allow", "deny", or "alert". Deny returns HTTP 403.
Alert records an alert event without blocking the request.
Conditions
Optional metadata conditions that must also match for the rule to fire. Keys are dotted paths into the request context (e.g.metadata.role, user). Operators: eq, neq, in, nin.
Limits, Guards, and Content Controls
Rules can also carry:limit— rate limit on requests, tokens, or dollars per minute/hour/daytokenGuard— capmax_tokensor reject requests exceeding an input token estimatecontentGuard— runs detectors (PII, secrets, prompt injection, custom regex/keywords) over the prompt and optionally the response, withaction: "deny" | "redact" | "alert"logContent— whether to persist the full prompt and completion tollm_call_bodies
Audit Trail
Every request through the gateway produces an audit event with:type: "llm_call"- Provider + model (resolved after gateway routing)
inputTokens,outputTokens,cachedTokenscostCents(integer, USD cents × 100 — sub-cent precision)- Latency in milliseconds
userId,traceId,connectionSlug- Policy action taken
requestIdfor correlation
igris.auditEvents.list() or browse them in the dashboard
under LLM → Audit Trail.
If logContent: true is set on a matching rule, the full prompt and completion are stored in
llm_call_bodies and linked via the audit event ID.
Cost Tracking
Cost is computed server-side using a live pricing snapshot. ThecostCents column stores the value
as an integer representing USD cents × 100 — so 150 means $0.0150.
The LLM → Cost dashboard aggregates spend by day, provider, model, connection, and user.
Anomaly detection also monitors cost-per-minute as one of its five signal dimensions.
Anomaly Detection
TheLlmAnomalyDetector runs five parallel signal trackers on every request:
| Signal | Trigger |
|---|---|
| Cost spike | Cost/minute exceeds baseline EWMA by configurable factor |
| Token burn | Tokens/minute exceeds threshold |
| Response length | Output tokens for a single response exceeds threshold |
| Model shift | Observed model diverges from expected model baseline |
| Error rate | HTTP 4xx/5xx rate exceeds threshold |
deny action on the policy rule to make them blocking.
Three Usage Styles
1. SDK native (recommended)
Useigris.chat.completions.create() directly. The @slug/model model prefix tells the SDK which
connection to route through. Zero external dependencies beyond the Igris SDK.
2. connectLlm escape hatch
Useigris.connectLlm(slug, options) to get a { baseUrl, apiKey, headers } object and wire it
into any OpenAI-compatible SDK client. This is the zero-migration path when your app already uses
the OpenAI Node SDK.
3. Raw HTTP
Any HTTP client that can setAuthorization: Bearer <igris_key> and target
https://api.igrisecurity.com/llm/<slug>/v1/chat/completions works directly. This is useful for
language runtimes without an Igris SDK (Python, Go, Rust, etc.).
Request Modes: Passthrough vs Transformed
Most providers use transformed mode — the gateway rewrites the request body and response to match the OpenAI chat completions schema, regardless of what the upstream expects. This means you can switch providers without changing your application code. Passthrough mode (endpoint: "passthrough") forwards the raw request body directly to the
provider without transformation. Use this for providers with non-standard APIs (image generation,
3D model generation, audio) where the OpenAI schema doesn’t apply.
Metadata Channels
Request context (user identity, trace IDs, metadata for policy conditions) can be provided through three channels, resolved in priority order:-
Individual headers —
X-Igris-Metadata-<key>: <value>(highest priority). One header per metadata field. Example:X-Igris-Metadata-role: developer. -
JSON blob header —
x-igris-metadata: {"user":"alice","role":"developer"}plus special sentinels_userand_trace_idfor the core identity fields. -
Request body —
body.user(OpenAI convention). Lowest priority, for compatibility with clients that already set the OpenAIuserfield.
connectLlm() method handles encoding all three channels automatically when you pass user,
traceId, and metadata options.
What’s next?
Providers
All 60 supported providers with slugs, base URLs, and auth styles.
Connections
Create and manage encrypted credential vaults for upstream providers.