5-Minute Gateway Quickstart
The fastest way to see Curate-Me work. You’ll keep using your existing SDK; we just put the gateway in front of it. Every request gets cost tracking, PII scanning, rate limiting, and HITL approval gates — and appears as a full request trace in the dashboard.
This is the developer first-proof-of-value path. No infra changes, no Docker, no runners. Five minutes.
Looking for the runner / BYOVM quickstart instead? See Connect Your Machine — that walks you through hosting an agent on your own hardware.
Prerequisites
- A Curate-Me account
- A Gateway API key (
cm_sk_*) — generate one in Settings → API Keys - An existing app that calls OpenAI / Anthropic / OpenRouter / one of the 50 supported providers
Step 1 — Swap one environment variable
Pick the provider your app uses today and change one line. The SDK still imports / calls the same way; only the URL changes.
Python (OpenAI SDK)
- OPENAI_BASE_URL=https://api.openai.com/v1
- OPENAI_API_KEY=sk-your-real-openai-key
+ OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai
+ OPENAI_API_KEY=cm_sk_your_gateway_keyThen in code:
from openai import OpenAI
client = OpenAI() # picks up the env vars
resp = client.chat.completions.create(
model="gpt-4-turbo",
messages=[{"role": "user", "content": "Hello"}],
)
print(resp.choices[0].message.content)Step 2 — Make one request
Run your app as you normally would. The first request is your first-proof-of-value moment.
The response is identical to what the upstream provider returned (we proxy it through unmodified). Look in the response headers to see the gateway acting:
X-CM-Request-Id: req_a1b2c3d4...
X-CM-Governance-Time-Ms: 4
X-CM-Trace-Id: 00-abc...
RateLimit-Limit: 60
RateLimit-Remaining: 59
RateLimit-Reset: 54Those headers confirm the gateway ran its 14-stage governance chain: rate limiting, cost estimate, PII scan, content safety, model allowlist, and HITL approval check — all in single-digit milliseconds.
Step 3 — See the trace
Open the dashboard and find your request:
- Go to Traces in the sidebar.
- The most recent row is the request you just made.
- Click it to see:
- The full prompt and response (with PII redacted in logs).
- The cost — actual USD, computed from the provider’s pricing.
- Which governance stages ran and how long each took.
- The model resolved, the org charged, the user / agent on the call.
That trace is what you’d otherwise build with three separate vendors (Portkey + Helicone + Langfuse). It comes with the gateway out of the box.
What you get for free
Now that traffic flows through the gateway, your account automatically has:
- Cost tracking — per request, per org, per user, per agent. Daily budgets enforce themselves; runs over budget get rejected with a clear error.
- Rate limits — IETF
RateLimit-*headers honoured automatically by SDKs that respect them. - PII scanning — 33 regex patterns + optional Microsoft Presidio NER. Toggle in Guardrails → PII.
- Model allowlist — restrict which models your org is allowed to use.
- HITL approval — high-cost or high-risk requests pause for an approver. Configure in Guardrails → HITL.
- Audit log — every request signed with your org’s Ed25519 key. Verifiable retroactively.
What’s next?
- Run a certified template — open Runners → Templates in the dashboard and pick a pre-built agent (PR review, security audit, cost anomaly report). Each certified template ships with a smoke-tested configuration and a published runbook URL.
- Connect a machine — host a runner on your own VPS so agent compute bills go to your cloud, not ours.
- Pricing — daily budgets, rate limits, and per-tier entitlements.
Hit a snag? See the Troubleshooting top-10 for the most common gateway and runner failures, each with a one-command fix.