Core Concepts
Provider keys
Orqen is a proxy. Your LLM calls are forwarded to your own provider accounts, so you control billing, rate limits, provider terms, and model access.
Two ways to provide credentials
Dashboard vault
Store provider keys once in the Orqen dashboard. Keys are encrypted at rest and injected per request.
Per-request credentials
Pass provider credentials directly in the request for testing, ephemeral environments, or Bedrock.
Stored provider keys
In the dashboard, open Providers, choose a provider, and save the key. Orqen stores only encrypted ciphertext and a short preview.
from openai import OpenAI
client = OpenAI(
api_key="sk-orq-YOUR_KEY",
base_url="https://api.orqen.app/v1",
)
# Orqen fetches your stored OpenAI key and forwards the request.
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello"}],
)Per-request Bedrock credentials
Bedrock can be configured from the dashboard, or supplied per request:
{
"model": "bedrock/anthropic.claude-3-5-sonnet-20241022-v2:0",
"messages": [{ "role": "user", "content": "Review this incident summary" }],
"aws_access_key_id": "AKIA...",
"aws_secret_access_key": "...",
"aws_region_name": "us-east-1"
}Provider management API
curl https://api.orqen.app/v1/account/providers \
-X PUT \
-H "Authorization: Bearer sk-orq-YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"provider": "openai",
"api_key": "sk-proj-..."
}'Security notes
Keep Orqen API keys separate from provider keys. Orqen API keys authenticate your agent to Orqen; provider keys authenticate Orqen to the upstream model provider on your behalf.