Gateway API

The gateway exposes an OpenAI-compatible surface at https://appliance.<your-domain>/v1/... so any existing client library works with a single base-URL change.

Looking for the full machine-readable spec? The Gateway OpenAPI reference is generated from content/openapi/gateway.json and covers every endpoint, every schema, and every error code.

Authentication

Use a virtual key in the Authorization header:

Authorization: Bearer op_live_26f2_f9b8c4e2aa1345b7d3f27a901c55d88a

Keys are minted in the operator portal — see Virtual keys.

Chat completions

POST /v1/chat/completions
Content-Type: application/json
 
{
  "model": "operayde/instruct-13b",
  "messages": [
    {"role": "system", "content": "You are a legal research assistant."},
    {"role": "user",   "content": "Summarise the attached judgment."}
  ],
  "stream": true,
  "temperature": 0.2
}

Responses stream Server-Sent Events when stream is true; otherwise the body is a single JSON object with choices, usage, and id.

Models

GET /v1/models

Returns the set of models currently loaded on this appliance, filtered by the scopes of the presented key.

Embeddings

POST /v1/embeddings
Content-Type: application/json
 
{
  "model": "operayde/embed-bge",
  "input": ["first chunk", "second chunk"]
}

Tool calls

Tool calls follow the OpenAI function-calling protocol. The gateway evaluates the tool: scopes on the calling key and the current OPA bundle before exposing any tool to the model.

Errors

Errors follow a stable envelope:

{
  "error": {
    "code":    "policy_denied",
    "message": "Key 'research-team' lacks tool:code_exec scope.",
    "type":    "policy",
    "request_id": "req_01HZ...", 
    "policy_decision_id": "dec_01HZ..."
  }
}

Codes are documented alongside each endpoint in the full reference.