Auth
Every request to /v1/* is authenticated by an API key in the
Authorization: Bearer <key> header. Keys are prefixed gw_live_ and
issued per team from /keys after sign-in.
Scopes
A key carries one or more scopes. The default chat:write scope is enough
to call /v1/chat/completions and /v1/messages. The admin:read scope
unlocks /v1/models enumeration. Scopes are additive and can be tightened
later in /keys without revoking the key.
Rate limits and budgets
Each key can carry a per-minute request cap (rpm_limit), a per-minute
token cap (tpm_limit), and a daily USD budget (daily_budget_usd). The
gateway returns a 429 once any cap is hit, with the canonical OpenAI or
Anthropic error body shape so the SDK classifies the failure cleanly.
Revocation
Revoking a key from /keys flips its is_active flag immediately. The
gateway re-checks the flag on every request, so a revoked key starts
returning 401 within a few seconds with no propagation lag.