Skip to main content
This page covers how to authenticate with Lava, construct proxy URLs, and handle responses and errors.
Prerequisites: You need a Lava merchant account with a secret key. See Quickstart: Make Your First Request to get started.

Authentication

Lava supports two ways to authenticate gateway requests:

Using Your Secret Key (Simplest)

Pass your secret key directly in the Authorization header. Costs are charged to your merchant wallet — no token generation needed.
This is all you need to route requests through the gateway with usage tracking and cost logging.

Forward Tokens

When you need to bill customers, apply metering, or use your own provider keys, use a forward token — a base64-encoded JSON that bundles your secret key with billing parameters.

Token Combinations

The fields you include determine how the request is authenticated and billed: Any combination can include provider_key to use your own provider credentials (BYOK) instead of Lava’s managed keys. disable_billing is only meaningful together with customer_id and meter_slug — it preserves full customer context while redirecting charges to your merchant wallet. Use it for free trials, testing, or promotional requests. See Meter-Only Mode & Disable Billing for details.

Customer Billing Mode

To bill a customer’s wallet, include their customer_id and your pricing meter_slug in the token:

Constructing the Request URL

Lava routes requests by wrapping the provider’s API endpoint (e.g., OpenAI’s chat completions URL) as a query parameter using Lava’s forward endpoint:
See Supported Providers for the full list of providers you can access with Lava AI Gateway.
As a best practice, the provider URL should be URL-encoded.

Provider Examples

The pattern is the same for every provider — only the URL, body format, and provider-specific headers change.
Provider-specific headers (like anthropic-version) are passed through unchanged. The request body uses the provider’s native format — Lava doesn’t modify it.

Streaming

Add "stream": true to your request body. Lava proxies SSE chunks in real-time without buffering — the response is identical to calling the provider directly. Usage and billing are recorded after the stream completes.

Error Handling

Provider error responses are forwarded unchanged — check your request body against the provider’s API docs if you see provider-level errors.

Troubleshooting

Verify your secret key matches the dashboard and the Bearer prefix is in the Authorization header. If using a forward token, decode it to inspect:
Lava blocks frontend requests to prevent token exposure. Always call Lava from your backend: Frontend → Your Backend → Lava → AI Provider.

Next Steps

Supported Providers

Full list of providers you can access with Lava AI Gateway

Webhooks

Receive real-time notifications for billing and usage events