Supported providers

July 9, 2026 · View on GitHub

Last modified: 2026-07-09

SBproxy ships native adapters for 66 LLM providers behind one OpenAI-compatible API. You bring your own key per provider, and the model field passes straight through to the upstream, so the gateway reaches 200+ models (and whatever a provider ships next) without enumerating them. Most adapters speak the OpenAI wire format and pass through unchanged. Anthropic, Bedrock, and Gemini use in-tree translators for OpenAI-shaped chat or embedding clients; SageMaker, Oracle, Watsonx, and other Custom formats pass through in their native shape.

The catalog is plain YAML and you can extend it yourself: see Extending the provider catalog.

Native providers

Each provider has a default base URL and auth format. Override base_url if you self-host or use a regional endpoint.

NameProviderFormatAuthDefault Base URL
openaiOpenAIOpenAIAuthorization: Bearerhttps://api.openai.com/v1
anthropicAnthropic ClaudeAnthropic Messagesx-api-keyhttps://api.anthropic.com/v1
geminiGoogle GeminiGooglex-goog-api-keyhttps://generativelanguage.googleapis.com/v1beta
azureAzure OpenAIOpenAIapi-keyhttps://{resource}.openai.azure.com/openai
bedrockAWS BedrockBedrockAuthorization (SigV4 signed externally)1https://bedrock-runtime.{region}.amazonaws.com
cohereCohereOpenAIAuthorization: Bearerhttps://api.cohere.com/v2
mistralMistral AIOpenAIAuthorization: Bearerhttps://api.mistral.ai/v1
groqGroqOpenAIAuthorization: Bearerhttps://api.groq.com/openai/v1
deepseekDeepSeekOpenAIAuthorization: Bearerhttps://api.deepseek.com/v1
ollamaOllama (local)OpenAIAuthorization: Bearer (optional)2http://localhost:11434/v1
vllmvLLM (self-hosted)OpenAIAuthorization: Bearerhttp://localhost:8000/v1
tgiHugging Face TGI (self-hosted)OpenAIAuthorization: Bearerhttp://localhost:8080/v1
lmstudioLM Studio (local)OpenAIAuthorization: Bearerhttp://localhost:1234/v1
llamacppllama.cpp server (local)OpenAIAuthorization: Bearerhttp://localhost:8080/v1
togetherTogether AIOpenAIAuthorization: Bearerhttps://api.together.xyz/v1
fireworksFireworks AIOpenAIAuthorization: Bearerhttps://api.fireworks.ai/inference/v1
perplexityPerplexityOpenAIAuthorization: Bearerhttps://api.perplexity.ai
xaixAI (Grok)OpenAIAuthorization: Bearerhttps://api.x.ai/v1
sagemakerAmazon SageMakerCustomAuthorization (SigV4 signed externally)1https://runtime.sagemaker.{region}.amazonaws.com
databricksDatabricksOpenAIAuthorization: Bearerhttps://{workspace}.cloud.databricks.com/serving-endpoints
oracleOracle OCI Generative AICustomAuthorization: Bearerhttps://inference.generativeai.{region}.oci.oraclecloud.com
watsonxIBM watsonxCustomAuthorization: Bearerhttps://us-south.ml.cloud.ibm.com/ml/v1
openrouterOpenRouter (aggregator)OpenAIAuthorization: Bearerhttps://openrouter.ai/api/v1
cloudflareCloudflare Workers AIOpenAIAuthorization: Bearerhttps://api.cloudflare.com/client/v4/accounts/{account_id}/ai/v1
vertexGoogle Vertex AIOpenAIAuthorization: Bearer3https://{location}-aiplatform.googleapis.com/v1/projects/{project_id}/locations/{location}/endpoints/openapi
runpodRunPod ServerlessOpenAIAuthorization: Bearerhttps://api.runpod.ai/v2/{endpoint_id}/openai/v1
crusoeCrusoe Cloud InferenceOpenAIAuthorization: Bearerhttps://managed-inference-api-proxy.crusoecloud.com/v1
featherlessFeatherless AIOpenAIAuthorization: Bearerhttps://api.featherless.ai/v1
rekaReka AIOpenAIAuthorization: Bearerhttps://api.reka.ai/v1
anyscaleAnyscale EndpointsOpenAIAuthorization: Bearerhttps://api.endpoints.anyscale.com/v1
cerebrasCerebras InferenceOpenAIAuthorization: Bearerhttps://api.cerebras.ai/v1
nvidiaNVIDIA NIMOpenAIAuthorization: Bearerhttps://integrate.api.nvidia.com/v1
hyperbolicHyperbolicOpenAIAuthorization: Bearerhttps://api.hyperbolic.xyz/v1
leptonLepton AIOpenAIAuthorization: Bearerhttps://api.lepton.run/v1
deepinfraDeepInfraOpenAIAuthorization: Bearerhttps://api.deepinfra.com/v1/openai
novitaNovita AIOpenAIAuthorization: Bearerhttps://api.novita.ai/v3/openai
sambanovaSambaNova CloudOpenAIAuthorization: Bearerhttps://api.sambanova.ai/v1
siliconflowSiliconFlowOpenAIAuthorization: Bearerhttps://api.siliconflow.cn/v1
moonshotMoonshot AI (Kimi)OpenAIAuthorization: Bearerhttps://api.moonshot.cn/v1
dashscopeAlibaba DashScope (Qwen)OpenAIAuthorization: Bearerhttps://dashscope.aliyuncs.com/compatible-mode/v1
zhipuZhipu AI (GLM)OpenAIAuthorization: Bearerhttps://open.bigmodel.cn/api/paas/v4
voyageVoyage AI (embeddings only)4OpenAIAuthorization: Bearerhttps://api.voyageai.com/v1
jinaJina AI (embeddings only)4OpenAIAuthorization: Bearerhttps://api.jina.ai/v1
huggingfaceHugging Face Inference ProvidersOpenAIAuthorization: Bearerhttps://router.huggingface.co/v1
github_modelsGitHub ModelsOpenAIAuthorization: Bearerhttps://models.github.ai/inference
vercelVercel AI GatewayOpenAIAuthorization: Bearerhttps://ai-gateway.vercel.sh/v1
nebiusNebius AI StudioOpenAIAuthorization: Bearerhttps://api.studio.nebius.ai/v1
basetenBaseten Model APIsOpenAIAuthorization: Bearerhttps://inference.baseten.co/v1
lambdaLambda Inference APIOpenAIAuthorization: Bearerhttps://api.lambda.ai/v1
friendliaiFriendliAI ServerlessOpenAIAuthorization: Bearerhttps://api.friendli.ai/serverless/v1
scalewayScaleway Generative APIsOpenAIAuthorization: Bearerhttps://api.scaleway.ai/v1
nscaleNscale Serverless InferenceOpenAIAuthorization: Bearerhttps://inference.api.nscale.com/v1
digitaloceanDigitalOcean Gradient InferenceOpenAIAuthorization: Bearerhttps://inference.do-ai.run/v1
ovhcloudOVHcloud AI EndpointsOpenAIAuthorization: Bearerhttps://oai.endpoints.kepler.ai.cloud.ovh.net/v1
inferencenetInference.netOpenAIAuthorization: Bearerhttps://api.inference.net/v1
klusterkluster.aiOpenAIAuthorization: Bearerhttps://api.kluster.ai/v1
openpipeOpenPipeOpenAIAuthorization: Bearerhttps://api.openpipe.ai/api/v1
writerWriter (Palmyra)OpenAIAuthorization: Bearerhttps://api.writer.com/v1
upstageUpstage (Solar)OpenAIAuthorization: Bearerhttps://api.upstage.ai/v1/solar
alephalphaAleph AlphaOpenAIAuthorization: Bearerhttps://api.aleph-alpha.com/v1
minimaxMiniMaxOpenAIAuthorization: Bearerhttps://api.minimax.io/v1
volcengineVolcengine Ark (Doubao)OpenAIAuthorization: Bearerhttps://ark.cn-beijing.volces.com/api/v3
hunyuanTencent HunyuanOpenAIAuthorization: Bearerhttps://api.hunyuan.cloud.tencent.com/v1
qianfanBaidu Qianfan (ERNIE)OpenAIAuthorization: Bearerhttps://qianfan.baidubce.com/v2
stepfunStepFunOpenAIAuthorization: Bearerhttps://api.stepfun.com/v1
mixedbreadMixedbread (embeddings only)4OpenAIAuthorization: Bearerhttps://api.mixedbread.com/v1

The cloudflare, vertex, and runpod defaults contain path template parameters ({account_id}, {location}, {project_id}, {endpoint_id}). Fill them in by overriding base_url per-origin, typically with environment-or-config interpolation (for example base_url: https://api.runpod.ai/v2/${RUNPOD_ENDPOINT_ID}/openai/v1). Paths left with literal placeholders will reach the upstream as-is and 404.

format is the wire protocol the upstream expects. OpenAI-compatible upstreams pass through unchanged. Anthropic, Google Gemini, and AWS Bedrock are translated bidirectionally for chat-completions requests: clients send OpenAI-shaped bodies, SBproxy rewrites the body and path on the way out, and SBproxy rewrites the response back to OpenAI shape. For streaming, the relay parses native Anthropic, Gemini, and Bedrock stream frames into the internal hub stream and re-emits OpenAI Chat, Anthropic Messages, or OpenAI Responses shape based on the inbound route. Gemini embeddings at /v1/embeddings translate to and from Gemini embedding calls. Oracle OCI, Watsonx, SageMaker, and other Custom formats remain native pass-through, so clients must send the provider's native body shape or route through OpenRouter/custom translation.

Override base_url to use a region other than us-south for watsonx, or to point Bedrock and SageMaker at a non-default region.

Configuring a provider

origins:
  "ai.example.com":
    action:
      type: ai_proxy
      providers:
        - name: anthropic
          api_key: ${ANTHROPIC_API_KEY}
          default_model: claude-sonnet-4-5
          models:
            - claude-sonnet-4-5
            - claude-haiku-4-5

Useful per-provider knobs:

providers:
  - name: openai
    api_key: ${OPENAI_API_KEY}
    base_url: https://api.openai.com/v1     # Override default
    models: ["gpt-4o", "gpt-4o-mini"]       # Whitelist
    default_model: gpt-4o-mini              # Used when client omits `model`
    model_map:                              # Rename models on the way out
      fast: gpt-4o-mini
      smart: gpt-4o
    weight: 3                               # For weighted routing
    priority: 1                             # For fallback chain (lower wins)
    enabled: true
    max_retries: 3
    timeout_ms: 30000

Reaching providers not on this list

Three options, roughly in order of preference:

  1. Point any provider at a custom base_url. Most upstreams speak the OpenAI wire format, so a provider_type: openai entry with your own base_url reaches anything OpenAI-compatible: a self-hosted vLLM or SGLang pool, an internal gateway, or a proprietary endpoint.
  2. Add the provider to the catalog yourself. It is plain YAML and ships uncompiled. See Extending the provider catalog.
  3. Use openrouter as a single-key aggregator when you want many vendors without holding a direct account with each. It is one of the native providers, no different from the rest:
providers:
  - name: openrouter
    api_key: ${OPENROUTER_API_KEY}
    default_model: anthropic/claude-sonnet-4.5
    models:
      - anthropic/claude-sonnet-4.5
      - meta-llama/llama-3.1-70b-instruct
      - mistralai/mistral-large

Local and self-hosted OpenAI-compatible runtimes are first-class providers in the registry: ollama, vllm, tgi, lmstudio, and llamacpp. Each has a sensible default base_url matching the runtime's convention. Override base_url if you bind elsewhere. See example 86 for a hybrid local-plus-cloud config that falls back from a local Ollama to OpenAI when local is offline.

base_url validation and local servers

An overridden base_url is validated at config load to keep it from becoming an SSRF vector. Non-http(s) schemes (file://, ...) are always rejected, and by default a URL that targets a loopback, link-local, or private (RFC 1918) address is rejected too, so a stray http://169.254.169.254/ or http://127.0.0.1/ fails fast instead of being dispatched at request time.

A local model server is the legitimate exception: it lives on 127.0.0.1 or a LAN address. Set allow_private_base_url: true on that provider to permit its private base_url. The scheme check still applies. Providers that use a registry default (no base_url override) are unaffected.

providers:
  - name: local-ollama
    provider_type: ollama
    base_url: http://127.0.0.1:11434/v1
    allow_private_base_url: true

Extending the provider catalog

The provider list above is not hard-coded. It is a plain YAML registry that ships embedded in the binary; the source of truth is crates/sbproxy-ai/data/ai_providers.yml. Each entry maps a provider name to its base URL, auth header, and wire format. Models are never listed here: the model field on a request passes straight through to the upstream, so a provider's whole model lineup is reachable the moment the provider is in the catalog, and new models work the day the upstream ships them.

There are three ways to reach a provider that is not already listed, from least to most permanent:

1. Override base_url on a single provider (no catalog change)

For a one-off OpenAI-compatible endpoint, reuse an existing OpenAI-format provider_type and point it wherever you like. Nothing to rebuild.

providers:
  - name: my-endpoint
    provider_type: openai          # reuse the OpenAI wire format
    base_url: https://llm.internal.example.com/v1
    api_key: ${INTERNAL_LLM_KEY}
    default_model: my-finetune

2. Replace the catalog at runtime with proxy.ai_providers_file

Point the gateway at your own catalog on disk. The file fully replaces the embedded set, so include every provider you intend to use. This needs no rebuild and survives upgrades.

proxy:
  ai_providers_file: /etc/sbproxy/ai_providers.yml

Each entry uses these fields:

providers:
  - name: my_provider              # canonical id used in sb.yml (required)
    display_name: My Provider      # human label (required)
    aliases: [mine, myprov]        # optional alternative lookup names
    default_base_url: https://api.my-provider.com/v1   # required
    auth_header: Authorization     # header carrying the key (default Authorization)
    auth_prefix: "Bearer "         # prefix prepended to the key ("" for raw keys)
    format: openai                 # wire format: openai | anthropic | google | bedrock | custom
    supports_streaming: true
    supports_embeddings: false
    supports_chat: true            # set false for embeddings/rerank-only providers

A malformed override file is rejected and the gateway falls back to the embedded catalog rather than booting with no providers.

3. Add it to the in-tree registry

To make a provider part of the default build, append an entry to crates/sbproxy-ai/data/ai_providers.yml using the same schema, then regenerate the embedded copy:

gzip -9 -n -c crates/sbproxy-ai/data/ai_providers.yml \
  > crates/sbproxy-ai/data/ai_providers.yml.gz

The registry picks it up on the next build. format: openai covers any OpenAI-compatible upstream; reach for anthropic, google, bedrock, or custom only when the upstream speaks that native shape.

See also

Footnotes

  1. Bedrock and SageMaker requests must be signed with SigV4 before reaching SBproxy. The gateway forwards the signed Authorization header verbatim. 2

  2. Ollama allows blank API keys; SBproxy forwards an empty Bearer token if api_key is unset.

  3. Vertex AI requires a short-lived OAuth2 access token rather than a static API key. Generate one with gcloud auth print-access-token (or your service account flow) and rotate it before expiry. SBproxy forwards the configured api_key verbatim as the bearer token.

  4. Voyage and Jina expose embeddings (and rerank) endpoints only. Their catalog entries set supports_chat: false so chat-completion configs against these providers will fail closed at validation time once the runtime check is wired. 2 3