Migrate from Direct SDK Usage
If you’re calling OpenAI, Anthropic, Google, or another provider directly — no proxy in the middle — this is the fastest migration path. You change one environment variable. Everything else stays the same.
Migration time: 5–10 minutes. This is the quickest migration path.
What you gain immediately
Once the base URL points at the Curate-Me gateway:
- Cost tracking — every request is logged with token counts and USD cost
- Daily budget cap — set a hard limit to prevent bill surprises
- PII scanning — 33 regex patterns scan every prompt for secrets and PII before they leave your app
- Rate limiting — configurable per-key RPM with standard
RateLimit-*response headers - HITL gate — flag high-cost requests for human approval before they execute
- Model allowlist — restrict which models an API key can call
- Full audit trail — every request, every response, tamper-proof
Environment variable mapping
| Direct SDK env var | Curate-Me equivalent | Notes |
|---|---|---|
OPENAI_API_KEY=sk-... | OPENAI_API_KEY=cm_sk_... | Your CM key replaces the OpenAI key |
OPENAI_BASE_URL (not set) | OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai | Must be set |
ANTHROPIC_API_KEY=sk-ant-... | ANTHROPIC_API_KEY=cm_sk_... | Same pattern |
ANTHROPIC_BASE_URL (not set) | ANTHROPIC_BASE_URL=https://api.curate-me.ai/v1/anthropic | Must be set |
| Provider key (OpenAI/Anthropic) | Stored in CM Secrets | Gateway injects it automatically |
After migration your upstream provider keys (OpenAI, Anthropic, etc.) are stored in Curate-Me — they’re encrypted at rest and injected per request. You should remove them from your app’s environment once stored.
Before / after code diff
Python (OpenAI)
-import os
from openai import OpenAI
-client = OpenAI(api_key=os.environ["OPENAI_API_KEY"]) # sk-...
+client = OpenAI(
+ base_url="https://api.curate-me.ai/v1/openai",
+ api_key="cm_sk_your_gateway_key",
+)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello"}],
)
print(response.choices[0].message.content)If you use environment variables (recommended):
# .env file
-OPENAI_API_KEY=sk-your-real-openai-key
+OPENAI_API_KEY=cm_sk_your_gateway_key
+OPENAI_BASE_URL=https://api.curate-me.ai/v1/openaiThen your Python code needs zero changes:
from openai import OpenAI
client = OpenAI() # picks up OPENAI_API_KEY + OPENAI_BASE_URL from envStep-by-step migration
Create a Curate-Me account and get your gateway key
Sign up at dashboard.curate-me.ai/signup .
Go to Settings → API Keys → New Key. Copy the cm_sk_... value.
Store your provider secrets
Your upstream API keys (OpenAI, Anthropic, etc.) must be stored in Curate-Me so the gateway can inject them:
# OpenAI
curl -X POST https://api.curate-me.ai/v1/admin/secrets \
-H "X-CM-API-Key: cm_sk_your_gateway_key" \
-H "Content-Type: application/json" \
-d '{"provider": "openai", "secret": "sk-your-openai-key", "label": "production"}'
# Anthropic
curl -X POST https://api.curate-me.ai/v1/admin/secrets \
-H "X-CM-API-Key: cm_sk_your_gateway_key" \
-H "Content-Type: application/json" \
-d '{"provider": "anthropic", "secret": "sk-ant-your-key", "label": "production"}'Or use the dashboard: Settings → Provider Secrets → Add Secret.
Set a daily budget (strongly recommended)
curl -X POST https://api.curate-me.ai/v1/admin/budgets \
-H "X-CM-API-Key: cm_sk_your_gateway_key" \
-H "Content-Type: application/json" \
-d '{"daily_limit_usd": 20.0, "scope": "org"}'If the daily budget is hit, the gateway returns 402 Payment Required with a clear error message. Your app stops spending — not silently fails.
Update your environment variables
# Before
OPENAI_API_KEY=sk-your-real-openai-key
# After
CM_API_KEY=cm_sk_your_gateway_key
OPENAI_API_KEY=cm_sk_your_gateway_key # SDK reads this for the "api_key" param
OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai
# For Anthropic
ANTHROPIC_API_KEY=cm_sk_your_gateway_key
ANTHROPIC_BASE_URL=https://api.curate-me.ai/v1/anthropicRemove direct provider keys from your app environment
Once secrets are stored in Curate-Me, remove sk-... and sk-ant-... from your .env files, CI secrets, and Kubernetes secrets. The gateway injects them — there’s no reason for your app to hold them.
Verify your first governed request
curl https://api.curate-me.ai/v1/openai/chat/completions \
-H "X-CM-API-Key: $CM_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello from Curate-Me!"}]}'Check the response for:
X-CM-Request-Idheader — confirms CM processed itX-CM-Governance-Time-Msheader — time spent in the governance chain (typically 2–8ms)- Dashboard → Traces — new trace with cost, token counts, and PII scan result
Provider URL reference
| Provider | Base URL via Curate-Me |
|---|---|
| OpenAI | https://api.curate-me.ai/v1/openai |
| Anthropic | https://api.curate-me.ai/v1/anthropic |
| Google Gemini | https://api.curate-me.ai/v1/google |
| DeepSeek | https://api.curate-me.ai/v1/deepseek |
| Mistral | https://api.curate-me.ai/v1/mistral |
| Groq | https://api.curate-me.ai/v1/groq |
| Cohere | https://api.curate-me.ai/v1/cohere |
| OpenRouter | https://api.curate-me.ai/v1/openrouter |
See the full provider list for all 50 supported providers.
Rollback
If you need to revert:
# Restore direct provider keys
export OPENAI_API_KEY=sk-your-real-openai-key
unset OPENAI_BASE_URL
unset CM_API_KEYYour code never changed — the revert is purely environment variable.