Docs / Gateway API

// THE DISPATCH SURFACE

Gateway API

The /v1/* surface is OpenAI-wire-compatible: your existing client works unchanged once you point base_url at your gateway. Every dispatch is routed, guarded, budgeted, and stamped with a verifiable receipt whose hash comes back in a response header.

Base URL. Each tenant gets a subdomain: https://agentics.you/api/v1. Authenticate with a gateway key (ak_…) as a bearer token, exactly like any OpenAI-compatible endpoint.

Dispatch endpoints

POST/v1/chat/completionsReceipted

The primary surface. Accepts the standard chat-completions body; supports stream:true. Streamed responses are tee'd so the gateway can hash and guard the output without breaking the stream. Returns one billable=true parent receipt.

POST/v1/embeddingsReceipted

Embeddings dispatch. Same routing, budgeting, and receipt semantics as chat — useful when you want spend and provenance over a retrieval pipeline, not just generation.

GET/v1/modelsTenant-pinned

Lists the models and provider @slugs available to your tenant under its current config. Use the returned ids directly in the model field.

Selecting a provider

Address a specific upstream with an @provider/model slug, or pass a bare model id and let your routing config resolve it. The slug is chain-agnostic and provider-named — it is part of the receipt body, so the model a call actually used is itself tamper-evident.

model field
// pin a provider + model explicitly "model": "@anthropic/claude-opus-4-8" // or pass a bare id and let routing/fallback decide the upstream "model": "claude-opus-4-8"

Request & receipt headers

HeaderDirectionMeaning
AuthorizationrequestBearer ak_… — your gateway key. Keep it server-side.
x-agentics-userrequestEnd-user / actor identifier, recorded for attribution. Set it via create_headers(user=…).
x-agentics-metadatarequestOptional JSON of routing tags (e.g. cost_center) used by conditional routing and chargeback.
x-agentics-receiptresponseThe receipt_hash of the parent receipt for this request. Copy it and verify it — or fold it on your own machine.
x-agentics-decisionresponseallow | block | escalate — the inline policy verdict, itself receipted.

The fixed middleware order

Every request runs the same pipeline before and after the provider call. The order is fixed so behavior is predictable and every step is receiptable:

  1. Resolve provider — the @slug or your config picks the upstream.
  2. Route — fallback / load-balance / conditional routing applies.
  3. Input guardrails + budget pre-check — redaction, policy, and Spend Guard run before a token reaches the provider.
  4. Provider call — streamed responses are tee'd for hashing and guarding.
  5. Output guardrails — checks on the response.
  6. Param shaping — drop or default params per config.
  7. Inline receipt write — one billable=true parent receipt, prev_hash-chained.

Error model

Errors return a JSON body with a stable code and a human message. A policy block is not a transport error — it returns 200 with outcome: "blocked" and a receipt, because the block is itself an auditable event.

StatuscodeMeaning
401unauthorizedMissing or invalid gateway key.
402budget_exceededA Spend Guard hard-stop fired before dispatch. Receipted with outcome: "blocked".
404model_not_foundThe model / @slug isn't available to this tenant.
429rate_limitedProvider or tenant rate limit. Honor Retry-After.
502provider_errorUpstream failed after routing/fallback exhausted. Receipted with outcome: "failed".
Every outcome is receipted. Success, block, and failure all mint a receipt — so "the model refused," "the budget stopped it," and "it worked" are all equally provable after the fact.