Unified Access configuration reference
Use the unified_access section in gateway configuration to enable Keeptrusts-managed provider access.
Example
unified_access:
enabled: true
default_provider: openai
allowed_models:
- gpt-4.1
- claude-sonnet-4-5
cache_enabled: true
zdr_mode: passthrough
rate_limit_pool:
rebalance_interval_seconds: 60
max_tenant_share: 0.25
default_burst_factor: 1.2
backpressure_strategy: queue
queue_max_wait_ms: 5000
Fields
| Field | Purpose |
|---|---|
enabled | Enables Unified Access resolution instead of BYOK when no customer credentials are provided. |
default_provider | Optional provider fallback when callers omit a provider hint. |
allowed_models | Optional allowlist of model identifiers. Empty means any catalog model. |
cache_enabled | Enables shared gateway caching when ZDR mode allows it. |
zdr_mode | Controls upstream no-store behavior and event-payload redaction. |
rate_limit_pool | Configures fair-share tenant throttling for shared credentials. |
ZDR modes
| Mode | Behavior |
|---|---|
off | Standard caching and event payload storage rules apply. |
passthrough | Applies provider-level no-store controls and skips cache usage. |
strict | Includes passthrough behavior and strips request/response bodies from event payloads. |
Rate limit pool
rate_limit_pool distributes shared RPM and TPM capacity across active tenants.
| Field | Purpose |
|---|---|
rebalance_interval_seconds | Recomputes fair-share allocations for active tenants. |
max_tenant_share | Caps how much of the pool one tenant can consume. |
default_burst_factor | Allows short controlled bursts above the steady-state share. |
backpressure_strategy | Chooses whether the gateway queues, rejects, or degrades requests when a tenant exceeds its share. |
queue_max_wait_ms | Maximum wait before queued requests fail with rate-limit pressure. |
Cache configuration
- Set
cache_enabled: falsefor workloads that must never reuse cached responses. - ZDR
passthroughandstrictshould be paired with cache-disabled deployments when request or response reuse is not permitted by policy. - When cache stays enabled, verify cache settlement behavior in billing dashboards so cache hits settle at zero cost.