Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.steward.fi/llms.txt

Use this file to discover all available pages before exploring further.

Routes API

Routes tell the Proxy Gateway how to inject credentials into outbound API requests. All endpoints are nested under /secrets/routes and require tenant-level authentication.

Create Route

POST /secrets/routes
Auth: Tenant API key Request Body: 
{
  secretId: string;       // ID of the secret to inject
  hostPattern: string;    // Target host (e.g., "api.openai.com", "*.anthropic.com")
  pathPattern?: string;   // Path glob (default: "/*")
  method?: string;        // HTTP method filter (default: "*")
  injectAs: string;       // "header" | "query" | "body"
  injectKey: string;      // Header name, query param, or body field
  injectFormat?: string;  // Format string (default: "{value}")
  priority?: number;      // Higher = checked first (default: 0)
  enabled?: boolean;      // Toggle route (default: true)
}
Response (201): 
{
  "ok": true,
  "data": {
    "id": "route-uuid",
    "secretId": "secret-uuid",
    "hostPattern": "api.openai.com",
    "pathPattern": "/*",
    "method": "*",
    "injectAs": "header",
    "injectKey": "Authorization",
    "injectFormat": "Bearer {value}",
    "priority": 0,
    "enabled": true,
    "createdAt": "2026-03-26T12:00:00Z"
  }
}

Examples

curl -X POST https://api.steward.fi/secrets/routes \
  -H "X-Steward-Key: your-key" \
  -H "Content-Type: application/json" \
  -d '{
    "secretId": "openai-secret-id",
    "hostPattern": "api.openai.com",
    "pathPattern": "/*",
    "injectAs": "header",
    "injectKey": "Authorization",
    "injectFormat": "Bearer {value}"
  }'

List Routes

GET /secrets/routes
Auth: Tenant API key Response: 
{
  "ok": true,
  "data": [
    {
      "id": "route-uuid-1",
      "secretId": "secret-uuid",
      "hostPattern": "api.openai.com",
      "pathPattern": "/*",
      "injectAs": "header",
      "injectKey": "Authorization",
      "injectFormat": "Bearer {value}",
      "priority": 0,
      "enabled": true
    }
  ]
}

Update Route

PUT /secrets/routes/:id
Auth: Tenant API key Request Body: Any subset of the create fields (partial update): 
{
  hostPattern?: string;
  pathPattern?: string;
  method?: string;
  injectAs?: string;
  injectKey?: string;
  injectFormat?: string;
  priority?: number;
  enabled?: boolean;
}

# Disable a route
curl -X PUT https://api.steward.fi/secrets/routes/route-uuid \
  -H "X-Steward-Key: your-key" \
  -H "Content-Type: application/json" \
  -d '{ "enabled": false }'

Delete Route

DELETE /secrets/routes/:id
Auth: Tenant API key Response: 
{
  "ok": true,
  "data": { "deleted": "route-uuid" }
}

Route Matching

When the proxy receives a request, it matches routes in priority order (highest first). The first matching route wins. A route matches when:
  1. hostPattern matches the target host (supports * wildcards)
  2. pathPattern matches the request path (supports /* glob)
  3. method matches the HTTP method (or * for any)
  4. enabled is true

Priority Example

// Priority 10: Trading API gets privileged credentials
{ hostPattern: "api.example.com", pathPattern: "/v2/trading/*", priority: 10 }

// Priority 0: Everything else gets read-only credentials
{ hostPattern: "api.example.com", pathPattern: "/*", priority: 0 }
A request to api.example.com/v2/trading/orders matches the priority-10 route. A request to api.example.com/v1/data matches the priority-0 fallback.