> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Restrict Models and Providers

> Limit which models and providers an access key can call.

Use an [access key configuration](/ai-gateway/guides/access-key-configurations) to restrict providers and models. Requests outside the allowlist are rejected before they reach an upstream provider.

## Allow specific providers

```json theme={null}
{
  "name": "OpenAI only",
  "access": {
    "providers": { "allow": ["openai"] }
  },
  "router": {
    "rules": [
      { "provider": "openai", "steps": [{ "type": "ngrok" }] }
    ]
  }
}
```

Assign this configuration to an access key. That key can only reach OpenAI models.

## Allow specific models

```json theme={null}
{
  "name": "Cheap models only",
  "access": {
    "models": {
      "allow": ["openai/gpt-4o-mini", "anthropic/claude-haiku-4-5"]
    }
  }
}
```

Model IDs use the form `provider/modelId` as shown in the [model catalog](/ai-gateway/reference/model-catalog).

## Block pass-through models

If clients use provider prefixes for uncatalogued models, include only known model IDs in the allowlist. Requests for models not listed are rejected.

## Via dashboard

Follow [Create a configuration](/ai-gateway/guides/access-key-configurations#create-a-configuration) in [app.ngrok.ai](https://app.ngrok.ai) to set allowed providers and models, then assign the configuration to your access keys.

## Next steps

* [Access Key Configurations](/ai-gateway/guides/access-key-configurations): Full reference
* [Choose a model](/ai-gateway/guides/model-selection-strategies): Model IDs and provider prefixes
* [Restrict providers and models](/ai-gateway/guides/restrict-providers-and-models): Limit models per key
* [Securing Your Gateway](/ai-gateway/guides/securing-endpoints): Per-client keys
