Core Concepts
Provider keys
Orqen is a proxy. Your LLM calls are forwarded to your own provider accounts, so you control billing, rate limits, provider terms, and model access.
Two ways to provide credentials
Dashboard vault
Store provider keys once in the Orqen dashboard. Keys are encrypted at rest and injected per request.
Per-request credentials
Pass provider credentials directly in OpenAI-format requests for testing or ephemeral environments.
Stored provider keys
In the dashboard, open Providers, choose a provider, and save the key. Orqen stores only encrypted ciphertext and a short preview.
from openai import OpenAI
client = OpenAI(
api_key="sk-orq-YOUR_KEY",
base_url="https://api.orqen.app/v1",
)
# Orqen fetches your stored OpenAI key and forwards the request.
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello"}],
)Per-request Bedrock credentials
Bedrock credentials can be supplied per request only on Orqen's OpenAI-compatible/v1/chat/completions endpoint. Native boto3converse() does not allow these extra fields; store the upstream Bedrock key in Providers when using boto3.
client.chat.completions.create(
model="bedrock/anthropic.claude-sonnet-4-6",
messages=[{"role": "user", "content": "Review this incident summary"}],
extra_body={
"aws_bearer_token_bedrock": "...",
"aws_region_name": "us-east-1",
},
)Provider management API
curl https://api.orqen.app/v1/account/providers \
-X PUT \
-H "Authorization: Bearer sk-orq-YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"provider": "openai",
"api_key": "sk-proj-..."
}'Security notes
Keep Orqen API keys separate from provider keys. Orqen API keys authenticate your agent to Orqen; provider keys authenticate Orqen to the upstream model provider on your behalf.