Team-wide provider allowlist on AI Gateway
Quick Take
Vercel AI introduces a team-wide provider allowlist for AI Gateway, enabling teams to restrict traffic to approved AI providers, enhancing security and compliance. The allowlist applies to all requests, including BYOK traffic, and is managed centrally by team owners to prevent unauthorized access.
Key Points
- The allowlist filters requests by provider, ensuring only approved vendors are used.
- New providers are disabled by default to maintain the integrity of the approved vendor list.
- Enforcement occurs at the gateway level, preventing unapproved provider access.
- Team owners have exclusive rights to modify the provider allowlist for centralized control.
- AI Gateway supports various APIs, including OpenAI Chat Completions and Anthropic Messages.
Article Content
From source RSS / original summaryAI Gateway now supports a team-wide provider allowlist. Teams can restrict which providers can serve requests, so traffic only routes to approved providers. The allowlist applies to every request through AI Gateway, including Bring Your Own Key (BYOK) traffic. Regulated teams typically vet AI providers across multiple dimensions with security and legal sign-off, ending up with a vendor set that reflects the specific requirements of their org.
The allowlist turns that approved-vendor list into a routing guarantee:Toggle on in the AI Gateway tab. All current providers are allowed by default, so existing traffic is unaffected. Disable any providers your team shouldn't use. Provider AllowlistSettingsThe allowlist filters by provider, not by model. AI Gateway falls back to other allowed providers for the same model if the initial provider fails.
The allowlist also functions as an with other restrictions applied to the team, like Zero Data Retention (ZDR) or request-level filtering. andFor example, if a team has disabled DeepSeek in their allowlist and a request pins routing to only the DeepSeek provider:Since DeepSeek is not in the allowlist, AI Gateway rejects the request. Provider Allowlist works across every API format supported by AI Gateway, including AI SDK, OpenAI Chat Completions API, and Anthropic Messages API. Read the for more information.
For other account-level security and compliance functionality, check the and documentation. provider allowlist documentationZero Data RetentionDisallow Prompt TrainingRead moreEnforcement happens at the gateway level, not at the request level. A developer on the team cannot route traffic to a provider the org hasn't approved. This restriction also applies to coding agents. Even if an agent omits or modifies request-level provider filters, AI Gateway still blocks unapproved providers.
Only team owners can modify the provider allowlist, keeping control centralized and auditable. New providers are disabled by default once the allowlist is on, so the approved set doesn't silently expand when AI Gateway integrates a new vendor. How to configure
Reader Mode unavailable (could not extract clean content).
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from Vercel AI
See more →
Opus 4.8 on AI Gateway
Claude Opus 4.8, now available on Vercel AI Gateway, excels in long-horizon agentic execution and complex coding tasks, producing clearer prose for knowledge work. Users can access it via the .anthropic/claude-opus-4.8 model in the AI SDK, benefiting from a unified API with no markup on provider pricing.
