Engineering Workspace
BYOK Credentials
Bring your own provider keys. The console routes matching inference traffic through your credentials and meters it alongside everything else.
Endpoints
POST /api/v1/workspace/byok
GET /api/v1/workspace/byok
DELETE /api/v1/workspace/byok/{id}
POST /api/v1/workspace/byok/{id}/verify
Supported providers
| Provider | provider value |
|---|---|
| OpenAI | openai |
| Anthropic | anthropic |
| Google Gemini | google_gemini |
| Mistral | mistral |
| AWS Bedrock | aws_bedrock |
| Azure OpenAI | azure_openai |
| Together AI | together_ai |
| Nebius | nebius |
Secret handling & verification
- Secrets are encrypted at rest; the console never returns them after creation.
- Credentials are auto-verified against the provider's /v1/models endpoint when added. You can re-check at any time with the verify endpoint.
CLI
```bash
stimulir byok add --provider openai --label team-openai # secret prompted without echo
# Re-verify later
stimulir byok verify <credential-id>
```
From the CLI
```bash
stimulir byok add --provider openai --label team-openai
stimulir byok list
stimulir byok verify <credential-id>
stimulir byok remove <credential-id>
```
How routing uses BYOK
Inference requests to POST /api/v1/inference/chat/completions are routed by model prefix: when the model matches a verified BYOK credential, the request goes upstream with your key; otherwise it falls through to Managed Inference. Either way, usage is metered per request.
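A small model of that routing decision, useful for auditing which requests would leave with your key. This is an added example, not the console's own code. It assumes the model prefix is the provider value followed by `/`, a syntax this page does not specify; the credential ids and model names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Provider values from the "Supported providers" table.
PROVIDERS = {"openai", "anthropic", "google_gemini", "mistral",
             "aws_bedrock", "azure_openai", "together_ai", "nebius"}

@dataclass(frozen=True)
class Credential:
    id: str         # constructed sample id
    provider: str   # one of PROVIDERS
    verified: bool  # outcome of the most recent verify check

def model_prefix(model: str) -> Optional[str]:
    """Return the provider segment of 'provider/model' (assumed syntax), else None."""
    prefix, sep, rest = model.partition("/")
    if not sep or not rest:
        return None
    return prefix if prefix in PROVIDERS else None

def route(model: str, creds: list) -> str:
    """Return 'byok:<id>' when a verified credential matches, else 'managed'."""
    prefix = model_prefix(model)
    if prefix is None:
        return "managed"
    for cred in creds:
        # Compare the whole segment, not startswith(): a model named
        # 'openai_x/...' must not be sent upstream with the 'openai' key.
        if cred.provider == prefix and cred.verified:
            return f"byok:{cred.id}"
    return "managed"

def audit(models: list, creds: list) -> dict:
    """Map each model to its route so unexpected fall-through is visible."""
    return {m: route(m, creds) for m in models}

# Constructed sample data.
CREDS = [Credential("cred-1", "openai", True),
         Credential("cred-2", "anthropic", False)]
MODELS = ["openai/model-a", "anthropic/model-b", "openai_x/model-a", "model-a"]

if __name__ == "__main__":
    for model, target in audit(MODELS, CREDS).items():
        print(f"{model:20} -> {target}")
```

Under this model, a credential that has not passed verification sends its provider's traffic to Managed Inference rather than upstream with your key.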
See Deployment Modes for how BYOK compares with Managed Inference and BYOC.
