Obiguard API accepts 4 kinds of headers for your requests:

Obiguard Authentication HeaderRequiredFor Obiguard auth
Provider Authentication Headers OR Cloud-Specific HeadersRequiredFor provider auth
Custom HeadersOptionalTo forward any other headers directly

Obiguard Authentication

Obiguard API Key

x-obiguard-api-key / api_key / apiKey
string
required

Authenticate your requests with your Obiguard API key. Obtain API key from the Obiguard dashboard.
Environment variable: OBIGUARD_API_KEY

Provider Authentication

In addition to the Obiguard API key, you must provide information about the AI provider you’re using. There are 4 ways to do this:

1. Provider Slug + Auth

Useful if you do not want to save your API keys to Obiguard vault and make direct requests.

x-obiguard-provider / provider
string

Specifies the provider you’re using (e.g., openai, anthropic, vertex-ai).
List of Obiguard supported providers here.

Authorization
string

Pass the auth details for the specified provider as a "Bearer $TOKEN".

If your provider expects their auth with headers such as x-api-key or api-key, you can pass the token with the Authorization header directly and Obiguard will convert it into the provider-specific format.

2. Virtual Key

x-obiguard-api-key / obiguard_api_key / obiguardApiKey
string

Save your provider auth on Obiguard and use a virtual key to directly make a call. This value is pass in the same field as Obiguard API key. Docs

4. Custom Host

x-obiguard-custom-host / custom_host / customHost
string

Specifies the base URL where you want to send your request

x-obiguard-provider / provider
string

Target provider that’s availabe on your base URL. If you are unsure of which target provider to set, you can set openai.

Authorization
string

Pass the auth details for the specified provider as a "Bearer $TOKEN".

If your provider expects their auth with headers such as x-api-key or api-key, you can pass the token with the Authorization header directly and Obiguard will convert it into the provider-specific format.

Custom Headers

You can pass any other headers your API expects by directly forwarding them without any processing by Obiguard.
This is especially useful if you want to pass send sensitive headers.

Forward Headers

x-obiguard-forward-headers / forward_headers / forwardHeaders
array of strings

Pass all the headers you want to forward directly in this array. (Docs)

Cloud-Specific Headers (Azure, Google, AWS)

Pass more configuration headers for Azure OpenAI, Google Vertex AI, or AWS Bedrock

Azure

  • x-obiguard-azure-resource-name, x-obiguard-azure-deployment-id, x-obiguard-azure-api-version, Authorization, x-obiguard-azure-model-name

Google Vertex AI

  • x-obiguard-vertex-project-id, x-obiguard-vertex-region, X-Vertex-AI-LLM-Request-Type

AWS Bedrock

  • x-obiguard-aws-session-token, x-obiguard-aws-secret-access-key, x-obiguard-aws-region, x-obiguard-aws-session-token

List of All Headers

The following is a comprehensive list of headers that can be used when initializing the Obiguard client.

Obiguard adheres to language-specific naming conventions:

  • camelCase for JavaScript/Node.js parameters
  • snake_case for Python parameters
  • hyphenated-keys for HTTP headers
ParameterTypeKey
API Key Your Obiguard account’s API Key.stringrequiredobiguard_api_key
Provider The AI provider to use for your calls. (supported providers).stringprovider
Base URL You can edit the URL of the gateway to use.stringbase_url
Custom Host Route to locally or privately hosted model by configuring the API URL with custom hoststringcustom_host
Forward Headers Forward sensitive headers directly to your model’s API without any processing from Obiguard.array of stringforward_headers
Azure OpenAI Headers Configuration headers for Azure OpenAI that you can send separatelystringazure_resource_name azure_deployment_id azure_api_version azure_model_name
Google Vertex AI Headers Configuration headers for Vertex AI that you can send separatelystringvertex_project_id vertex_region
AWS Bedrock Headers Configuration headers for Bedrock that you can send separatelystringaws_access_key_id aws_secret_access_key aws_region aws_session_token

Using Headers

You can send these headers in multiple ways:

Obiguard SDK
# Python - At initialization
from obiguard import Obiguard

client = Obiguard(
  obiguard_api_key="vk-obg***",  # Your Obiguard virtual key
)

# Python - At runtime
completion = client.with_options(
  trace_id="your_trace_id",
  metadata={"_user": "user_12345"}
).chat.completions.create(
  messages=[{"role": "user", "content": "Hello!"}],
  model="gpt-4o"
)