TheRouter.aiTheRouter.ai

Guardrails

Policy controls for cost, safety, and model access at scale

Guardrails layer policy constraints over users and API keys. Use them to enforce spend ceilings, filter content classes, require ZDR, and restrict providers/models by business unit.

guardrail-example.json
{
  "name": "prod-customer-support",
  "budget_limit_usd": 250,
  "budget_interval": "daily",
  "zdr": true,
  "model_allowlist": [
    "anthropic/claude-sonnet-4.5",
    "openai/gpt-4.1-mini"
  ],
  "provider_allowlist": ["bedrock-us-east-2", "openai-api"],
  "content_filter": {
    "block_categories": ["self-harm", "sexual-minors"],
    "action": "block"
  }
}
Assign to API key
curl -X POST https://api.therouter.ai/v1/guardrails/assignments/keys   -H "Authorization: Bearer $THEROUTER_API_KEY"   -H "Content-Type: application/json"   -d '{
    "guardrail_id": "gr_01hxx",
    "api_key_ids": ["key_01hyy"]
  }'
Stricter rule wins
When multiple guardrails apply, allowlists are intersected, ZDR is OR-enforced, and each budget is checked independently. Design layered policies with that merge behavior in mind.