Set `inferenceProvider` to `gateway` and supply the base URL and credentials described below.
The gateway must implement the Anthropic Messages API:
`POST /v1/messages` with streaming and tool use is required. `GET /v1/models` is optional: if the gateway implements it, Cowork on 3P auto-discovers the available models; if not, set `inferenceModels` explicitly.
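For reference, a minimal Messages API request body that a gateway must be able to accept looks like the following (the model name is illustrative; `"stream": true` exercises the required streaming path):

```json
{
  "model": "claude-sonnet-4-5",
  "max_tokens": 1024,
  "stream": true,
  "messages": [
    {"role": "user", "content": "Hello"}
  ]
}
```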
The data-residency and “no conversation data sent to Anthropic” statements elsewhere in these pages apply to Vertex AI and Bedrock only. When you use a gateway, data handling is determined by the gateway you operate and the upstream provider it routes to.
Configuration keys
| Setting | Required | Description |
|---|---|---|
| Gateway base URL (`inferenceGatewayBaseUrl`) | Yes | Gateway base URL. Must be `https://`. |
| Gateway API key (`inferenceGatewayApiKey`) | Unless using `sso` or a credential helper | API key sent to the gateway. The field cannot be empty, so if your gateway authenticates by network identity and does not require a key, set a placeholder value. |
| Gateway auth scheme (`inferenceGatewayAuthScheme`) | No | How the credential is sent. `bearer` (default) sends `Authorization: Bearer <key>`. `x-api-key` sends the `x-api-key` header instead. `sso` obtains the credential from the gateway's own browser-based sign-in (OAuth 2.0 authorization server metadata at `<inferenceGatewayBaseUrl>/.well-known/oauth-authorization-server` and the device-authorization grant), in which case `inferenceGatewayApiKey` is not required. |
| Gateway extra headers (`inferenceGatewayHeaders`) | No | JSON string array of additional HTTP headers sent on every inference request, in `"Name: Value"` form, for example `["X-Org-Id: team1"]`. |
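Putting the keys above together, a gateway configuration might look like the following sketch. The base URL, header, and model name are illustrative, and the exact settings file location is deployment-specific:

```json
{
  "inferenceProvider": "gateway",
  "inferenceGatewayBaseUrl": "https://llm-gateway.example.com",
  "inferenceGatewayApiKey": "placeholder-if-network-auth",
  "inferenceGatewayAuthScheme": "bearer",
  "inferenceGatewayHeaders": ["X-Org-Id: team1"],
  "inferenceModels": ["claude-sonnet-4-5"]
}
```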
Instead of setting `inferenceGatewayApiKey`, you can configure an `inferenceCredentialHelper` executable that prints the gateway credential to stdout.
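A minimal sketch of such a helper, assuming the credential is available in an environment variable; a real helper would more likely query a secrets manager or an SSO CLI. The variable and token names here are hypothetical:

```shell
#!/bin/sh
# Hypothetical credential helper: prints the gateway credential to stdout
# and exits 0. An environment variable stands in for a real secret-store
# lookup; "placeholder-token" is only a fallback for this sketch.
get_gateway_credential() {
  printf '%s' "${GATEWAY_TOKEN:-placeholder-token}"
}

get_gateway_credential
```

The helper must emit only the credential itself (no trailing log lines), since its entire stdout is used as the secret.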