Skip to main content
The Trident LLM Gateway sits between your application code and the upstream model providers. Every request is pre-scanned by the runtime firewall, every response is post-scanned for canary leakage, and token spend is tracked against your project’s monthly budget — all without changing the shape of your existing OpenAI or Anthropic API calls. To adopt the gateway, change your SDK’s base URL to the corresponding Trident endpoint. No other code changes are required.

Endpoints

ProviderTrident Gateway URL
OpenAIPOST https://app.usetrident.dev/api/public/gateway/openai/v1/chat/completions
AnthropicPOST https://app.usetrident.dev/api/public/gateway/anthropic/v1/messages

Authentication

The gateway uses your Trident project credentials (the same HTTP Basic auth used by all other Trident endpoints). Your OpenAI or Anthropic API keys are stored encrypted on your Trident project and are never passed from your application — you configure them once in the dashboard under Project Settings → Gateway. Set the Authorization header to Basic <base64(publicKey:secretKey)> where publicKey and secretKey are your Trident credentials.
Do not put your OpenAI or Anthropic key in the Authorization header when calling the Trident gateway. That header is for your Trident credentials. Your provider API keys live in Project Settings → Gateway and are injected server-side.

POST /api/public/gateway/openai/v1/chat/completions

A drop-in replacement for the OpenAI Chat Completions API. The request and response shapes are identical to https://api.openai.com/v1/chat/completions.

What happens on each request

1

Firewall pre-scan

Trident extracts the last user message and scans it with the runtime firewall. If the prompt is blocked, the gateway returns HTTP 451 immediately — no request is forwarded to OpenAI.
2

Upstream forwarding

Trident forwards your full request body to OpenAI using your stored, encrypted API key.
3

Firewall post-scan

The assistant’s response is scanned for canary token leakage (best-effort, non-blocking).
4

Spend tracking

Token usage is priced and accumulated against your project’s monthly budget. When the budget is exhausted, subsequent requests return HTTP 402.

Example: OpenAI SDK with base URL override

import OpenAI from "openai";

const client = new OpenAI({
  // Your Trident credentials — NOT your OpenAI key
  apiKey: process.env.TRIDENT_PROJECT_SECRET_KEY,
  baseURL: "https://app.usetrident.dev/api/public/gateway/openai/v1",
  defaultHeaders: {
    // Basic auth: the SDK sets Authorization: Bearer <apiKey> by default,
    // but the gateway expects Basic auth. Override it here.
    Authorization:
      "Basic " +
      Buffer.from(
        `${process.env.TRIDENT_PROJECT_PUBLIC_KEY}:${process.env.TRIDENT_PROJECT_SECRET_KEY}`,
      ).toString("base64"),
  },
});

const response = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: "Summarise our Q1 sales numbers." }],
});

console.log(response.choices[0].message.content);

POST /api/public/gateway/anthropic/v1/messages

A drop-in replacement for the Anthropic Messages API. The request and response shapes are identical to https://api.anthropic.com/v1/messages. The same firewall scan, post-scan, and spend tracking apply.

Example: Anthropic SDK with base URL override

import anthropic
import base64
import os

pub = os.environ["TRIDENT_PROJECT_PUBLIC_KEY"]
sec = os.environ["TRIDENT_PROJECT_SECRET_KEY"]
token = base64.b64encode(f"{pub}:{sec}".encode()).decode()

client = anthropic.Anthropic(
    # The Anthropic SDK sends x-api-key; override the base URL so
    # requests go through Trident. Auth is handled via the
    # default_headers override below.
    base_url="https://app.usetrident.dev/api/public/gateway/anthropic",
    api_key="placeholder",  # replaced by default_headers
    default_headers={"Authorization": f"Basic {token}"},
)

message = client.messages.create(
    model="claude-opus-4-5",
    max_tokens=1024,
    messages=[{"role": "user", "content": "What are the key risks in our deployment pipeline?"}],
)

print(message.content[0].text)

Error responses

When the firewall pre-scan blocks a prompt, the gateway returns HTTP 451 with the following body: 
{
  "error": "blocked_by_vouch_firewall",
  "verdict": {
    "is_valid": false,
    "scanners": {
      "prompt_injection": { "score": 0.97, "threshold": 0.5 }
    }
  }
}
When your monthly budget is exhausted, the gateway returns HTTP 402: 
{
  "error": "budget_exceeded",
  "budgetUsd": 100.00,
  "spentUsd": 100.43
}
When the provider API key has not been configured on the project yet, the gateway returns HTTP 412: 
{
  "error": "openai_key_not_configured",
  "message": "Set the OpenAI key on the project's gateway settings page first."
}

Prerequisites

Before you can use the gateway, configure your provider API keys in the Trident dashboard:
1

Open Project Settings

Navigate to app.usetrident.dev → your project → Project Settings.
2

Go to Gateway

Select the Gateway tab.
3

Enter your provider API key

Paste your OpenAI or Anthropic API key. Trident encrypts it immediately — the raw key is never stored in plaintext.
4

Optionally set a monthly budget

Set a Monthly budget (USD) to cap spend. Requests that would exceed the budget are rejected before forwarding.