Unified Access
Unified Access provides Keeptrusts-managed credentials, billing, and rate limiting for supported model traffic. Chat Completions and Responses also run the gateway policy path. The Anthropic-shaped Messages route is recognized, but its current governance and upstream-adapter limitations make it unsuitable for production traffic.
How it works
- Model catalog — Browse available models with published per-token pricing.
- Access policies — Define and simulate intended model-access rules; the current live model path does not yet load these policy records.
- Budget policies — Define and simulate hourly, daily, weekly, and monthly limits; live reservation enforcement is not yet wired.
- Auto top-up — Store wallet refill settings and history; the runtime does not currently initiate the first automatic top-up attempt.
- Zero Data Retention — Enable passthrough or strict controls for sensitive workloads.
Billing
- Provider list prices with 0% markup on supported Unified Access models.
- Team seats include monthly credits that are consumed before the shared org wallet.
- Service users are billed from wallet funds only.
- Usage is traffic metered per request and settled from actual token usage.
Endpoint status
| Endpoint | Provider/format | Current boundary |
|---|---|---|
POST /v1/chat/completions | OpenAI / Chat Completions | Managed billing and the Chat/Responses policy path |
POST /v1/responses | OpenAI / Responses API | Managed billing and the Chat/Responses policy path |
POST /v1/messages | Anthropic / Messages API | Auth, billing, and provider routing only; no Chat/Responses policy evaluation. The current Anthropic adapter also emits a non-conforming request body, so do not use this route for production traffic. |
See Runtime Request Families and the Anthropic integration status before choosing a transport.
Managed public endpoints
Unified Access credentials work across direct connected-gateway URLs and Keeptrusts-managed public endpoints. The hostname you choose changes locality and publication routing, not the auth model.
| Published traffic family | Behavior |
|---|---|
*.ai.global.keeptrusts.com | Global entrypoint that selects an eligible published region after organization policy and region rules are resolved |
*.ai.eu.keeptrusts.com | EU locality commitment |
*.ai.us.keeptrusts.com | US locality commitment |
The wildcard label is an API-assigned, immutable 12-character lowercase
alphanumeric publication key, for example
abc123def456.ai.eu.keeptrusts.com. Do not substitute an organization or agent
slug. Publish the endpoint through Keeptrusts and use the exact hostname the
publication returns.
Root hosts at keeptrusts.com, eu.keeptrusts.com, and
us.keeptrusts.com are discovery-only status surfaces. They are not soft
latency hints and they do not serve customer model traffic. The published traffic hostnames are the locality commitments, and they only serve traffic
after the organization publishes that hostname from an eligible connected
gateway.
Use Configurations for rollout workflow, validation, and publication-state checks.
Programmatic authentication
Use a scoped governed API token for Unified Access model requests. Create the
token from API Tokens, copy the one-time value through an approved secret
channel, and send it as an Authorization: Bearer ... credential. Keep provider
keys and browser-session credentials out of client applications.
See Managing API Tokens for token profiles, bindings, rotation, and revocation.
Access policies
Access-policy APIs let you define and simulate who should use which models:
- Allow and deny rules support tag-based resource matching.
- Deny always overrides allow.
- When multiple allow rules match, the most restrictive limits win.
- Use simulation to confirm the effective decision represented by the stored policy.
The current gateway, Unified Access, and wallet request paths do not load the
access_policies records, so these definitions do not yet gate live model
traffic. Enforce production access with the active token, role, gateway, and
declarative-policy controls until that integration is wired.
Budget policies
Budget-policy APIs define and simulate spend limits across time windows:
- Hourly, daily, weekly, and monthly windows.
- Effective-policy evaluation chooses the most restrictive matching limit.
- The current wallet reservation path does not invoke that enforcement
function, so exhausted policy windows do not currently block live traffic or
produce a budget-policy
429. Wallet insufficiency remains the active hard stop.
See Unified Access budgets for policy design guidance.
Zero Data Retention (ZDR)
For sensitive workloads:
passthroughsetsstore=falseupstream and skips cache use.strictalso strips request and response bodies from event logs.
Next steps
- Review Unified Access budgets.
- Create a scoped credential with Managing API Tokens.
- Use Unified Access in Config to understand where shared-provider routing and retention rules live in gateway YAML.