Skip to main content
Use an access key configuration to restrict providers and models. Requests outside the allowlist are rejected before they reach an upstream provider.

Allow specific providers

{
  "name": "OpenAI only",
  "access": {
    "providers": { "allow": ["openai"] }
  },
  "router": {
    "rules": [
      { "provider": "openai", "steps": [{ "type": "ngrok" }] }
    ]
  }
}
Assign this configuration to an access key. That key can only reach OpenAI models.

Allow specific models

{
  "name": "Cheap models only",
  "access": {
    "models": {
      "allow": ["openai/gpt-4o-mini", "anthropic/claude-haiku-4-5"]
    }
  }
}
Model IDs use the form provider/modelId as shown in the model catalog.

Block pass-through models

If clients use provider prefixes for uncatalogued models, include only known model IDs in the allowlist. Requests for models not listed are rejected.

Via dashboard

Follow Create a configuration in app.ngrok.ai to set allowed providers and models, then assign the configuration to your access keys.

Next steps