Skip to main content
POST
/
admin
/
providers
Create a provider
curl --request POST \
  --url https://{organization_id}.platform.barndoor.ai/api/llm-gateway/admin/providers \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "model_provider": "openai",
  "base_url": "<string>",
  "auth_type": "api_key",
  "api_key": "<string>",
  "catalog_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "connection_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "models": [
    "gpt-4o-mini",
    "gpt-4o"
  ],
  "settings": {},
  "credentials": {},
  "request_timeout_secs": 1800,
  "stream_idle_timeout_secs": 900
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "org_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "OpenAI Production (US)",
  "model_provider": "openai",
  "auth_type": "api_key",
  "base_url": "<string>",
  "enabled": true,
  "settings": {},
  "catalog_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "connection_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "request_timeout_secs": 1800,
  "stream_idle_timeout_secs": 900,
  "catalog_slug": "<string>"
}
A Provider is a named upstream that authenticates with one credential and serves a model family. Provider creation supports two modes:
  • Inline credential — pass api_key (or credentials) directly. Barndoor stores the secret in its encrypted secret store, scoped to this provider.
  • Shared credential — pass connection_id referencing an existing Credential. The provider’s auth_type, base_url, and settings inherit from the shared record.

Auto-enabling models in one call

Pass a list of upstream model names in models and Barndoor will create a 1:1 Model Route for each one in the same call. The route’s alias matches the upstream model name so callers can address it as <provider>/<model>. Add bare-name aliases or failover routes afterwards via the Model Routes endpoints.

Example

curl -X POST https://app.barndoor.ai/api/llm-gateway/admin/providers \
  -H "Authorization: Bearer $BARNDOOR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "OpenAI Production (US)",
    "model_provider": "openai",
    "base_url": "https://api.openai.com/v1",
    "connection_id": "4f8b2a3c-12ee-4d92-9c7b-e7d2f8b0a111",
    "models": ["gpt-4o-mini", "gpt-4o", "text-embedding-3-large"]
  }'
See the Quickstart Guide for the full walkthrough.

Authorizations

Authorization
string
header
required

JWT obtained through Barndoor's authentication flow. Pass the token verbatim in Authorization: Bearer <token>. Use the Barndoor SDK's loginInteractive() helper to obtain a token in scripts and notebooks.

Body

application/json
name
string
required
model_provider
enum<string>
required

Slug of the upstream model provider this resource speaks to

Available options:
openai,
anthropic,
azure_openai,
google_ai,
bedrock,
vertex,
groq,
together,
mistral,
cohere,
xai,
fireworks,
perplexity,
openrouter,
deepseek,
custom
Example:

"openai"

base_url
string
required
auth_type
string

The authentication scheme this credential or provider uses to talk to the upstream model provider. Valid values depend on model_provider: for OpenAI/Anthropic-style vendors this is typically api_key; for AWS Bedrock it is one of aws_role, aws_keys, or bedrock_api_key; for Google Vertex it is google_adc, google_service_account, or google_impersonation; Anthropic OAuth passthrough uses oauth_passthrough.

Example:

"api_key"

api_key
string<password>

Required for direct API-key auth when no connection_id is provided

catalog_id
string<uuid>

Optional reference to a provider catalog template

connection_id
string<uuid>

Optional reference to a shared Credentials record

models
string[]

Upstream models to enable on this provider as 1:1 model routes. Each entry creates a route where the alias equals the upstream model name (so callers can address it as <provider>/<model>).

Example:
["gpt-4o-mini", "gpt-4o"]
settings
object
credentials
object

Structured non-API-key credentials (AWS keys, Vertex SA JSON, etc.)

request_timeout_secs
integer | null
Required range: 1 <= x <= 3600
stream_idle_timeout_secs
integer | null
Required range: 1 <= x <= 1800

Response

The newly created provider

A named upstream provider backed by a credential and a model family.

id
string<uuid>
required
org_id
string<uuid>
required
name
string
required
Example:

"OpenAI Production (US)"

model_provider
enum<string>
required

Slug of the upstream model provider this resource speaks to

Available options:
openai,
anthropic,
azure_openai,
google_ai,
bedrock,
vertex,
groq,
together,
mistral,
cohere,
xai,
fireworks,
perplexity,
openrouter,
deepseek,
custom
Example:

"openai"

auth_type
string
required

The authentication scheme this credential or provider uses to talk to the upstream model provider. Valid values depend on model_provider: for OpenAI/Anthropic-style vendors this is typically api_key; for AWS Bedrock it is one of aws_role, aws_keys, or bedrock_api_key; for Google Vertex it is google_adc, google_service_account, or google_impersonation; Anthropic OAuth passthrough uses oauth_passthrough.

Example:

"api_key"

base_url
string<uri>
required
enabled
boolean
default:true
required
settings
object
required
catalog_id
string<uuid> | null

Reference to a built-in provider catalog template, if used

connection_id
string<uuid> | null

Reference to a shared Credentials record, if any

request_timeout_secs
integer | null

Provider-tier total-request timeout override. When null (the default) the gateway inherits the platform default. Affects every route served by this provider unless a more specific Model Route value overrides it.

Required range: 1 <= x <= 3600
stream_idle_timeout_secs
integer | null

Maximum allowed idle gap between streamed response chunks. null inherits the platform default.

Required range: 1 <= x <= 1800
catalog_slug
string | null

Catalog slug shorthand used in some response listings