SpiderGate: LLM Gateway & API Key Management
The Problem Every AI Builder Faces: You need access to multiple LLM providers, but each has a different API, different pricing, and different rate limits. Managing keys is a nightmare. Tracking costs? Manual. When one provider goes down? Your app crashes.
SpiderGate solves this. A production LLM gateway powered by LiteLLM that gives you an OpenAI-compatible API for 100+ providers, task-based routing, free tier stacking, per-request cost tracking, and a secure multi-tenant key vault — all self-hosted.
100+ LLM Providers
OpenAI, Anthropic, Google, Groq, Mistral, and 95+ more via one API endpoint
Task-Based Routing
Request spideriq/coding or spideriq/fast — SpiderGate picks the best model automatically
OpenAI-Compatible API
Drop-in replacement. Change your base URL, access every provider instantly
Free Tier Stacking
Stack Groq + Cerebras + Google AI + Mistral free tiers for thousands of free requests/day
Per-Request Cost Tracking
Know exactly what every request costs. Usage analytics, spend forecasting, budget alerts
Multi-Tenant Key Vault
Brands, Clients, Keys — each with isolated rate limits, budgets, and credentials
SpiderGate V2: LLM Gateway
SpiderGate V2 is a full production LLM gateway built on top of LiteLLM's routing engine with SpiderIQ's multi-tenant architecture. It provides an OpenAI-compatible API that routes to 100+ LLM providers with intelligent task-based routing, automatic fallback, and per-request cost tracking.
Quick Start
Point any OpenAI-compatible SDK at SpiderGate and start making requests immediately:
- cURL
- Python (OpenAI SDK)
- Task-Based Routing
# Chat completion — works exactly like OpenAI's API
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "Hello!"}]
}'
from openai import OpenAI
# Just change the base_url and api_key — everything else stays the same
client = OpenAI(
base_url="https://spideriq.ai/api/gate/v1",
api_key="sg_key_your_key_here"
)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello!"}]
)
print(response.choices[0].message.content)
# Use task aliases instead of specific models
# SpiderGate routes to the optimal model automatically
# Best model for code generation
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"model": "spideriq/coding",
"messages": [{"role": "user", "content": "Write a Python function to merge two sorted arrays"}]
}'
# Fastest response (Groq, Cerebras)
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_your_key_here" \
-H "Content-Type: application/json" \
-d '{"model": "spideriq/fast", "messages": [{"role": "user", "content": "Summarize this text..."}]}'
# Free tier only (zero cost)
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_your_key_here" \
-H "Content-Type: application/json" \
-d '{"model": "spideriq/free", "messages": [{"role": "user", "content": "Classify this sentiment..."}]}'
Task-Based Routing
Instead of hardcoding model names, use SpiderGate task aliases. When better models become available, your code automatically uses them — zero changes required.
| Task Alias | Routes To | Best For |
|---|---|---|
| `spideriq/coding` | Claude Sonnet, Codestral, Llama 70B | Code generation, debugging, refactoring |
| `spideriq/chat` | Llama 70B, Mistral Small, Gemini Flash | General conversation, Q&A |
| `spideriq/fast` | Llama 8B (Groq/Cerebras), Gemini Flash | Real-time chat, autocomplete |
| `spideriq/extraction` | Gemini Flash, Claude Sonnet, Llama 70B | Structured data extraction, JSON output |
| `spideriq/creative` | Claude Sonnet, Mistral Small, Gemini Flash | Creative writing, storytelling |
| `spideriq/research` | Gemini 1.5 Pro, Claude Sonnet | Long-context analysis, document review |
| `spideriq/planning` | Claude Sonnet, Gemini Flash | Multi-step planning, decomposition |
| `spideriq/tool-use` | Claude Sonnet, Llama 70B, Gemini Flash | Function/tool calling |
| `spideriq/classification` | Llama 8B, Llama 70B, Mistral Small | Text classification, labeling, sentiment |
| `spideriq/summarization` | Gemini Flash, Mistral Small | Text summarization, compression |
| `spideriq/translation` | Mistral Small, Gemini Flash | Language translation |
| `spideriq/vision` | Gemini Flash, GPT-4o, Claude Sonnet | Image understanding, OCR |
| `spideriq/free` | Llama 70B (Groq), Gemini Flash, Mistral | Free-tier models only, zero cost |
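Because aliases are plain strings, application code can stay model-agnostic. A minimal sketch (the mapping below is illustrative, not SpiderGate's internal routing table):

```python
# Illustrative helper: map application job types to SpiderGate task
# aliases so calling code never hardcodes a provider model name.
TASK_ALIASES = {
    "code": "spideriq/coding",
    "chat": "spideriq/chat",
    "classify": "spideriq/classification",
    "summarize": "spideriq/summarization",
}

def model_for(job_type: str) -> str:
    """Return the task alias for a job type, defaulting to general chat."""
    return TASK_ALIASES.get(job_type, "spideriq/chat")
```

Pass `model_for(job_type)` as the `model` parameter; when SpiderGate re-points an alias at a newer model, this code needs no changes.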
Supported Providers (100+)
SpiderGate V2 supports every provider available through LiteLLM, including:
| Provider | Example Models | Free Tier |
|---|---|---|
| OpenAI | GPT-4o, GPT-4, GPT-3.5 Turbo | No |
| Anthropic | Claude 3.5 Sonnet, Claude 3 Opus, Haiku | No |
| Google AI | Gemini 2.0 Flash, Gemini 1.5 Pro | Yes (60 req/min) |
| Groq | Llama 3.1 70B/8B, Mixtral | Yes (generous) |
| Mistral | Large, Small, Codestral, Nemo | Yes |
| Cerebras | Llama 3.1 70B/8B | Yes |
| Cohere | Command R+, Command R | No |
| Together AI | Open-source models | No |
| Fireworks | Open-source models | No |
| DeepInfra | Open-source models | No |
| Cloudflare AI | Workers AI models | Yes (10K neurons/day) |
| + 90 more | Via LiteLLM | Varies |
Standalone API Keys (sg_key_*)
External customers and applications can access SpiderGate without a full SpiderIQ account using standalone API keys:
# Use sg_key_* keys exactly like OpenAI API keys
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_prod_abc123" \
-H "Content-Type: application/json" \
-d '{
"model": "llama-3.1-70b-groq",
"messages": [{"role": "user", "content": "Hello!"}]
}'
Each sg_key_* key has:
- Independent rate limits (requests/minute, requests/day)
- Budget caps (monthly spend limit in dollars)
- Per-request cost tracking
- Usage analytics in the dashboard
Fallback and Retry
Configure automatic fallback chains for resilience:
curl -X POST "https://spideriq.ai/api/gate/v1/chat/completions" \
-H "Authorization: Bearer sg_key_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "Analyze this data..."}],
"spidergate_options": {
"fallback_models": ["claude-3-5-sonnet", "llama-3.1-70b-groq", "gemini-2.0-flash"],
"retry_count": 2,
"timeout_ms": 30000
}
}'
If the primary model fails, SpiderGate automatically tries each fallback in order. Failed providers enter a cooldown period and are automatically restored when healthy.
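The same options can be sent from the OpenAI Python SDK, which forwards non-standard fields through its `extra_body` parameter. A sketch (the helper name is ours):

```python
def fallback_options(fallbacks, retry_count=2, timeout_ms=30000):
    """Build the spidergate_options payload for fallback and retry.

    Pass the result as extra_body so the OpenAI SDK includes it in the
    request JSON alongside the standard chat-completion fields.
    """
    return {
        "spidergate_options": {
            "fallback_models": list(fallbacks),
            "retry_count": retry_count,
            "timeout_ms": timeout_ms,
        }
    }

# client.chat.completions.create(
#     model="gpt-4o",
#     messages=[{"role": "user", "content": "Analyze this data..."}],
#     extra_body=fallback_options(["claude-3-5-sonnet", "llama-3.1-70b-groq"]),
# )
```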
Cost Tracking and Analytics
Every request is tracked with:
- Input and output token counts
- Dollar cost per request
- Model used (including fallback)
- Latency metrics
The React dashboard shows:
- Per-model spend breakdown
- Daily and monthly cost trends
- Spend forecasting and budget alerts
- Request volume and error rates
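Token counts come back on the standard `usage` object of each response, so a rough client-side estimate is easy to cross-check against the dashboard. A sketch with placeholder prices (the price table below is illustrative, not SpiderGate's price list):

```python
# Illustrative USD prices per 1M tokens: (input, output). Real prices
# come from your providers and the SpiderGate dashboard.
PRICES_PER_1M = {
    "gpt-4o": (2.50, 10.00),
    "llama-3.1-70b-groq": (0.00, 0.00),  # free tier
}

def estimate_cost(model: str, input_tokens: int, output_tokens: int) -> float:
    """Rough dollar cost of one request from its token counts."""
    inp, out = PRICES_PER_1M.get(model, (0.0, 0.0))
    return (input_tokens * inp + output_tokens * out) / 1_000_000

# With the OpenAI SDK:
#   u = response.usage
#   estimate_cost(response.model, u.prompt_tokens, u.completion_tokens)
```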
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
| `/api/gate/v1/chat/completions` | POST | Chat completion (streaming supported) |
| `/api/gate/v1/models` | GET | List available models |
| `/api/gate/v1/models/{id}` | GET | Get model details |
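The completions endpoint supports streaming: with any OpenAI-compatible SDK, set `stream=True` and consume delta chunks. A sketch written against the OpenAI SDK's chunk shape (the `client` is any OpenAI-compatible client pointed at SpiderGate):

```python
def stream_completion(client, model: str, prompt: str) -> str:
    """Stream a chat completion, printing tokens as they arrive,
    and return the fully assembled text."""
    parts = []
    stream = client.chat.completions.create(
        model=model,
        messages=[{"role": "user", "content": prompt}],
        stream=True,
    )
    for chunk in stream:
        delta = chunk.choices[0].delta.content
        if delta:  # the final chunk's delta may be None
            print(delta, end="", flush=True)
            parts.append(delta)
    return "".join(parts)

# client = OpenAI(base_url="https://spideriq.ai/api/gate/v1",
#                 api_key="sg_key_your_key_here")
# stream_completion(client, "spideriq/fast", "Summarize this text...")
```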
Observability (Langfuse)
SpiderGate integrates with Langfuse for full observability:
- Every request traced end-to-end (prompt, completion, tokens, cost, latency)
- Prompt versioning and management
- Evaluation and scoring
- Debug failed requests with full context
API Key Management (V1)
SpiderGate also provides the secure API key vault that powers SpiderIQ's internal workers. The sections below cover key management, free tier stacking, and the security architecture.
Why SpiderGate Matters for Agent Security
The Agent Security Problem
When you build an AI agent (especially with frameworks like OpenClaw), your agent needs to call LLM APIs. Traditional approach:
# DANGEROUS: API key hardcoded or pulled straight from the environment
import os

import openai

client = openai.OpenAI(api_key=os.environ["OPENAI_API_KEY"])
The risks:
- Agent gets compromised → Attacker extracts API keys from memory/env
- Keys leaked in logs, error messages, or debug output
- Malicious prompts trick agent into revealing credentials
- One compromised agent = all your API keys exposed
The SpiderGate Solution: Key Vault Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Your AI Agent │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ "Call OpenRouter to analyze this document" │ │
│ │ │ │
│ │ api_key = ??? ← Agent NEVER knows the actual key │ │
│ └──────────────────────────┬───────────────────────────────┘ │
└─────────────────────────────┼───────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ SpiderGate Vault │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ 1. Authenticate agent via SpiderIQ token │ │
│ │ 2. Select best key (round-robin, usage-aware) │ │
│ │ 3. Inject key into request │ │
│ │ 4. Track usage against daily limits │ │
│ │ 5. Return response (key never exposed) │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Encrypted Storage: │
│ ┌──────────────┬──────────────┬──────────────┬────────────┐ │
│ │ OpenRouter │ Groq │ Mistral │ Cerebras │ │
│ │ sk-or-*** │ gsk_*** │ *** │ csk-*** │ │
│ │ 847/1000 │ 234/500 │ 89/1000 │ 456/1000 │ │
│ └──────────────┴──────────────┴──────────────┴────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Key insight: Your agent authenticates with a SpiderIQ token (revocable, auditable). The actual LLM API keys stay in the vault, encrypted at rest, never transmitted to the agent.
Free Tier Stacking: Thousands of Free Requests
The real power of SpiderGate: stack multiple free-tier API keys and let SpiderGate rotate between them automatically.
Provider Free Tiers (2026)
| Provider | Free Tier | Daily Limit | Best For |
|---|---|---|---|
| OpenRouter | 1,000 requests/day | Per key | Claude, GPT-4, Llama access |
| Groq | Generous free tier | Rate limited | Ultra-fast Llama inference |
| Cerebras | Free tier available | Rate limited | Fastest inference |
| Google AI | 60 requests/minute | Free | Gemini Pro |
| Mistral | Free tier available | Rate limited | European AI models |
| Cloudflare AI | 10,000 neurons/day | Free | Edge inference |
Example: 5,000+ Free Requests/Day
Your SpiderGate Setup:
├── OpenRouter Key 1 → 1,000/day (free tier)
├── OpenRouter Key 2 → 1,000/day (second free account)
├── OpenRouter Key 3 → 1,000/day (third free account)
├── Groq Key 1 → ~500/day (rate limited)
├── Groq Key 2 → ~500/day (second account)
└── Cerebras Key 1 → ~1,000/day (free tier)
─────────────
5,000+ requests/day FREE
SpiderGate automatically rotates through all keys using round-robin, tracking usage per key:
Request 1 → OpenRouter Key 1 (count: 1/1000)
Request 2 → OpenRouter Key 2 (count: 1/1000)
Request 3 → OpenRouter Key 3 (count: 1/1000)
Request 4 → OpenRouter Key 1 (count: 2/1000) ← Cycles back
...
Request 3001 → Groq Key 1 (OpenRouter keys exhausted)
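The rotation above can be sketched as a small selection function: try providers in preference order and, within a provider, pick the least-used key still under its daily limit. This is our simplification of the behavior described here; the real selector also weighs health status and priority.

```python
from dataclasses import dataclass

@dataclass
class ApiKey:
    label: str
    provider: str
    daily_count: int
    daily_limit: int

def select_key(keys, providers):
    """Least-used key under its daily limit, trying providers in order.

    Returns None when every key is exhausted (overflow to the next
    provider happens automatically once a provider's keys run out).
    """
    for provider in providers:
        candidates = [
            k for k in keys
            if k.provider == provider and k.daily_count < k.daily_limit
        ]
        if candidates:
            return min(candidates, key=lambda k: k.daily_count)
    return None
```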
Quick Start
1. Add Your First API Key
- Dashboard
- API
Navigate to Settings → API Integrations and click Add Integration:
- Select provider (e.g., OpenRouter)
- Paste your API key
- Set daily limit (e.g., 1000 for free tier)
- Click Save
curl -X POST "https://spideriq.ai/api/v1/integrations" \
-H "Authorization: Bearer $CLIENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"provider_name": "openrouter",
"credentials": {
"api_key": "sk-or-v1-your-key-here"
},
"key_label": "OpenRouter Free Tier 1",
"daily_limit": 1000
}'
2. Add More Keys for the Same Provider
The key to free tier optimization — add multiple keys:
# Add second OpenRouter key
curl -X POST "https://spideriq.ai/api/v1/integrations" \
-H "Authorization: Bearer $CLIENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"provider_name": "openrouter",
"credentials": {"api_key": "sk-or-v1-second-key"},
"key_label": "OpenRouter Free Tier 2",
"daily_limit": 1000
}'
# Add Groq key for overflow
curl -X POST "https://spideriq.ai/api/v1/integrations" \
-H "Authorization: Bearer $CLIENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"provider_name": "groq",
"credentials": {"api_key": "gsk_your-groq-key"},
"key_label": "Groq Free Tier",
"daily_limit": 500
}'
3. Submit Jobs — Keys Selected Automatically
When you submit jobs, SpiderGate selects the optimal key:
curl -X POST "https://spideriq.ai/api/v1/jobs/spidersite/submit" \
-H "Authorization: Bearer $CLIENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com",
"extract_contacts": true
}'
Behind the scenes:
- SpiderGate checks which provider is needed
- Selects key with lowest daily usage (round-robin)
- Injects key into worker request
- Increments usage counter
- Returns results — your agent never sees the key
4. Monitor Usage
Check how your keys are performing:
curl "https://spideriq.ai/api/v1/integrations" \
-H "Authorization: Bearer $CLIENT_TOKEN"
{
"integrations": [
{
"id": 1,
"provider_name": "openrouter",
"key_label": "OpenRouter Free Tier 1",
"daily_count": 847,
"daily_limit": 1000,
"health_status": "healthy"
},
{
"id": 2,
"provider_name": "openrouter",
"key_label": "OpenRouter Free Tier 2",
"daily_count": 234,
"daily_limit": 1000,
"health_status": "healthy"
},
{
"id": 3,
"provider_name": "groq",
"key_label": "Groq Free Tier",
"daily_count": 0,
"daily_limit": 500,
"health_status": "healthy"
}
]
}
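A short script can turn that response into a remaining-quota report, useful for alerting before keys run dry (field names follow the response shown above):

```python
def remaining_quota(integrations):
    """Requests left today per provider, counting healthy keys only."""
    totals = {}
    for item in integrations:
        if item.get("health_status") != "healthy":
            continue
        left = max(0, item["daily_limit"] - item["daily_count"])
        totals[item["provider_name"]] = totals.get(item["provider_name"], 0) + left
    return totals

# remaining_quota(resp["integrations"])
# -> {"openrouter": 919, "groq": 500} for the response above
```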
Key Vault Supported Providers
OpenRouter
200+ models via single API. 1K free/day.
Groq
Ultra-fast Llama inference. Generous free tier.
Mistral AI
European AI. Mistral Large, Medium, Small.
Google AI
Gemini Pro, Ultra. 60 req/min free.
fal.ai
Flux, SDXL image generation.
Cerebras
World's fastest LLM inference. Free tier.
Together AI
Open-source models, fine-tuning.
Cohere
Enterprise RAG, Command models.
Cloudflare AI
Edge inference. 10K neurons/day free.
NVIDIA NIM
Optimized NVIDIA inference.
Fireworks
Function calling specialists.
SambaNova
Custom silicon for enterprise AI.
HuggingFace
Inference API for any model.
Anthropic
Claude direct API access.
OpenAI
GPT-4, GPT-4o direct access.
+ 85 more
Via LiteLLM. DeepInfra, AI21, Baseten, and more.
How Key Selection Works
SpiderGate uses an intelligent selection algorithm:
Round-Robin with Usage Awareness
Selection Priority:
1. Keys for the requested provider
2. Healthy keys only (not rate-limited or erroring)
3. Under daily limit
4. Least used today (round-robin effect)
Query (simplified):
SELECT * FROM api_integrations
WHERE provider_name = 'openrouter'
AND is_active = TRUE
AND health_status = 'healthy'
AND daily_count < daily_limit
ORDER BY
priority DESC, -- Primary keys first
daily_count ASC, -- Least used = selected
last_used_at ASC -- Oldest use = selected
LIMIT 1
Automatic Health Tracking
Keys are monitored in real-time:
| Status | Meaning | Behavior |
|---|---|---|
| `healthy` | Working normally | Selected for requests |
| `degraded` | 1-2 recent failures | Still selected, monitored |
| `unhealthy` | 3+ consecutive failures | Skipped, auto-retried later |
When a key fails (rate limit, invalid, etc.), SpiderGate:
- Marks it degraded/unhealthy
- Automatically selects next available key
- Periodically retries unhealthy keys
- Restores to healthy on success
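The state transitions can be sketched as a tiny tracker: consecutive failures push a key through degraded to unhealthy, and a single success restores it. This is a simplification; the real service also schedules the periodic retries mentioned above.

```python
class KeyHealth:
    """Health state driven by consecutive failures; success resets it."""

    def __init__(self):
        self.failures = 0

    def record_failure(self):
        self.failures += 1

    def record_success(self):
        self.failures = 0

    @property
    def status(self) -> str:
        if self.failures == 0:
            return "healthy"
        return "degraded" if self.failures <= 2 else "unhealthy"
```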
OpenClaw Integration
OpenClaw is an open-source AI agent framework. SpiderIQ provides two integrations for OpenClaw agents:
SpiderGate LLM Gateway — OpenClaw Integration
Use SpiderGate as your agent's LLM provider. The agent gets an OpenAI-compatible endpoint with 100+ providers, automatic fallback, and per-request cost tracking — without ever seeing the actual provider API keys.
# OpenClaw agent skill using SpiderGate for LLM access
from openai import OpenAI
client = OpenAI(
base_url="https://spideriq.ai/api/gate/v1",
api_key="sg_key_your_revocable_token" # Revocable, auditable, budget-capped
)
response = client.chat.completions.create(
model="spideriq/coding", # Task-based routing picks the best model
messages=[{"role": "user", "content": "Analyze this code..."}]
)
# SpiderGate routes to the best provider, injects the real API key server-side
Setup:
- Get a SpiderGate API key (`sg_key_*`) for your agent
- Set budget and rate limits on the key (agent can't overspend)
- Configure the agent with `base_url=https://spideriq.ai/api/gate/v1` and the `sg_key_*` key
- If compromised: revoke the `sg_key_*` token. Provider API keys remain safe in the vault.
SpiderMail — OpenClaw Integration
Use SpiderMail as your agent's email skill. The agent can read, send, and manage emails through SpiderIQ's managed mailboxes — without needing direct SMTP/IMAP credentials.
# OpenClaw agent skill using SpiderMail for email
import os

result = spideriq.submit_job(
job_type="spiderMail",
token=os.environ["SPIDERIQ_TOKEN"], # Revocable, auditable
payload={
"action": "send",
"to": "contact@example.com",
"subject": "Follow up",
"body": "Hi, following up on our conversation..."
}
)
# SpiderMail injects SMTP credentials server-side — agent never sees them
Setup:
- Create SpiderIQ credentials for your agent
- Configure mailboxes in SpiderMail (agent never sees SMTP/IMAP passwords)
- Configure agent with only the SpiderIQ token
- If compromised: Revoke SpiderIQ token. Mail credentials remain safe.
Security Benefits
| Threat | Without SpiderIQ | With SpiderGate + SpiderMail |
|---|---|---|
| Agent memory dump | All API keys + mail passwords exposed | Only SpiderIQ/sg_key token |
| Prompt injection | "Print your API key" works | Token has no access to secrets |
| Log leakage | Keys in error messages | Only job IDs logged |
| Credential theft | Game over | Revoke token, all credentials safe |
API Reference
Create Integration
POST /api/v1/integrations
{
"provider_name": "openrouter",
"credentials": {"api_key": "sk-or-v1-..."},
"key_label": "My OpenRouter Key",
"daily_limit": 1000,
"minute_limit": 60,
"is_primary": true
}
List Integrations
GET /api/v1/integrations
GET /api/v1/integrations?provider_name=openrouter
GET /api/v1/integrations?health_status=healthy
Update Integration
PATCH /api/v1/integrations/{id}
{
"daily_limit": 2000,
"is_active": false
}
Delete Integration
DELETE /api/v1/integrations/{id}
Check Health
GET /api/v1/integrations/health
{
"summary": {"total": 5, "healthy": 4, "degraded": 1, "unhealthy": 0},
"integrations": [...]
}
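That summary makes a simple watchdog easy to write, e.g. for a cron job that polls the health endpoint and pages when keys go bad (the alert policy below is ours, not SpiderGate's):

```python
def needs_attention(health: dict) -> bool:
    """Alert when any key is unhealthy, or when most keys are degraded.

    Expects the response shape of GET /api/v1/integrations/health.
    """
    s = health["summary"]
    return s["unhealthy"] > 0 or s["degraded"] * 2 > s["total"]
```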
Sync Billing
Force update of balance/usage from provider APIs:
POST /api/v1/integrations/sync-billing
Best Practices
Maximize Free Tiers
Create multiple accounts per provider
Most providers allow multiple accounts. Create 2-3 free accounts per provider and add all keys to SpiderGate. Round-robin multiplies your free quota.
Mix providers for resilience
Don't rely on one provider. Add keys from OpenRouter, Groq, AND Cerebras. If one has issues, others take over.
Set accurate daily limits
Match daily_limit to your actual quota. SpiderGate stops using a key at the limit, preventing wasted requests to rate-limited endpoints.
Security Hardening
Use separate SpiderIQ tokens per agent
Each agent should have its own SpiderIQ credentials. If one agent is compromised, revoke only that token.
Monitor for unusual patterns
Check /integrations regularly. Sudden usage spikes might indicate compromise.
Rotate underlying API keys periodically
Even though SpiderGate protects keys, rotate them quarterly. Delete old integration, add new one.
Cost Optimization
Primary vs secondary keys
Mark your cheapest key as is_primary: true. It gets priority selection.
Track spend with billing sync
Run /integrations/sync-billing to pull actual spend from providers that support it (OpenRouter, Mistral, etc.).
Troubleshooting
Key showing as "unhealthy"
Cause: 3+ consecutive failures.
Check:
- Verify key is valid in provider's dashboard
- Check if billing/credits expired
- Provider might be down — check their status page
Fix: SpiderGate auto-recovers on next successful request. Or delete and re-add the key.
All keys exhausted before day ends
Cause: Usage exceeds total daily capacity.
Fix:
- Add more keys (more free accounts)
- Increase `daily_limit` if you have paid accounts
- Add keys from different providers
Usage not tracking correctly
Cause: Minute counters reset every 60 seconds. Daily counters reset at midnight UTC.
Check: Use /integrations to see current counts. minute_count may be 0 if no recent requests.
Summary
| Problem | SpiderGate Solution |
|---|---|
| Need access to 100+ LLM providers | One OpenAI-compatible API for all providers |
| Model changes require code changes | Task-based routing (spideriq/coding, spideriq/fast) |
| No idea what AI costs | Per-request cost tracking, spend forecasting |
| API keys scattered across providers | Multi-tenant key vault with brand isolation |
| Free tiers hard to maximize | Stack Groq + Cerebras + Google AI + Mistral free tiers |
| Agent compromise = key theft | Keys in vault, agent only has revocable token |
| Provider outages break production | Automatic fallback chains with health tracking |
| No usage visibility | Real-time analytics, Langfuse observability |
Get started in 60 seconds. Point your OpenAI SDK at https://spideriq.ai/api/gate/v1 with an sg_key_* key and start routing to 100+ providers immediately.