Authentication & BYOK
Every request to AI Gateway requires authentication. Vercel provides two methods: API keys and OIDC tokens. You can also bring your own provider credentials to use existing agreements or access private features.
Get authenticated in under a minute:
- Go to the AI Gateway API Keys page in your Vercel dashboard
- Click Create key and follow the steps to generate a new API key.
- Copy the API key and add it to your environment:
export AI_GATEWAY_API_KEY="your_api_key_here"The AI SDK automatically uses this environment variable for authentication. If you are using a different SDK, you may need to pass the API key manually.
API keys work anywhere, whether it's local development, external servers, or CI pipelines. Create them in the AI Gateway page and they never expire unless you revoke them.
For applications deployed on Vercel, OIDC tokens are automatically available as VERCEL_OIDC_TOKEN. No secrets to manage, no keys to rotate. It just works.
// Automatically uses OIDC on Vercel, falls back to API key locally
const apiKey = process.env.AI_GATEWAY_API_KEY || process.env.VERCEL_OIDC_TOKEN;BYOK lets you use your own provider credentials. This is useful when you:
- Have existing agreements: Use enterprise pricing or credits from providers
- Need zero markup: BYOK requests have no additional fee
- Require private access: Access provider features that need your own credentials
- Want automatic fallback: If your credentials fail, requests can retry with system credentials
BYOK credentials are configured at the team level and work across all projects. See the BYOK documentation for setup instructions.
- Create your first API key in the dashboard
- Set up BYOK to use your provider credentials
- Learn about OIDC for zero-configuration authentication on Vercel
Was this helpful?