Skip to main content

LLM Gateway Quickstart

Turn on governance for your LLM calls in 5 minutes. Works with OpenAI, Anthropic, Google Gemini, Groq, Mistral, Cohere, and 55 more providers out of the box.

1. Install the SDK

bun add @igris-security/sdk

2. Get an Igris API key

Sign up at app.igris.dev/signup, then create a new API key under Settings → API Keys. Your key starts with igris_sk_.

3. Create a virtual key for your LLM provider

Virtual keys are encrypted credential vaults. They bind your upstream provider API key to an Igris slug you can reference from code without ever exposing the real key.
  1. Go to Virtual Keys in the dashboard
  2. Click New Virtual Key
  3. Select type LLM
  4. Pick your provider — e.g. OpenAI
  5. Paste your provider API key
  6. Optionally restrict to specific models (e.g. gpt-4o, gpt-4o-mini)
  7. Save and note the slug (e.g. vk_openai_prod)

4. Make your first call

The model field uses @slug/model syntax. Igris resolves the slug, injects credentials, enforces policies, and logs everything — before forwarding to the upstream provider. 
import { Igris } from "@igris-security/sdk";

const igris = new Igris({ apiKey: "igris_sk_..." });

const response = await igris.chat.completions.create({
	model: "@vk_openai_prod/gpt-4o",
	messages: [{ role: "user", content: "Hello!" }],
	user: "alice@corp.com",
});

console.log(response.choices[0].message.content);

5. See it in the audit trail

Back in the dashboard, open LLM → Audit Trail. You’ll see your call with:
  • Provider + model used
  • Input and output token counts
  • Cost in USD (calculated server-side)
  • End-to-end latency
  • User identity passed via user field
  • Policy action (allowed / denied / alerted)
Head to LLM → Cost for spend breakdowns over time.

Streaming

Pass stream: true to get an AsyncIterable of SSE chunks. The gateway passes the stream directly to your client — no buffering, no added latency. 
const stream = await igris.chat.completions.create({
	model: "@vk_openai_prod/gpt-4o",
	messages: [{ role: "user", content: "Write a haiku about governance" }],
	stream: true,
});

for await (const chunk of stream) {
	process.stdout.write(chunk.choices[0]?.delta?.content ?? "");
}
Token usage is extracted from the final SSE chunk (or the terminal usage field for providers that support it) and recorded in the audit trail even for streaming responses.

Passing metadata for policy conditions

The user field and arbitrary metadata can be passed via extra request headers. The SDK’s connectLlm() method is the cleanest way to attach per-request context: 
const conn = igris.connectLlm("vk_openai_prod", {
	user: "alice@corp.com",
	traceId: "trace-abc123",
	metadata: { role: "developer", team: "platform" },
});

// Use conn.baseUrl + conn.apiKey + conn.headers with any OpenAI-compatible client
See Concepts for more on metadata channels.

What’s next?

Concepts

Virtual keys, providers, policies, audit trail, cost tracking, anomaly detection.

SDK Reference

Full API surface — chat, embeddings, connectLlm, subpath adapters, typed errors.

Providers

All 59 supported providers with slugs, base URLs, and auth styles.

Policies

Model allowlists, rate limits, token guards, and content guards.