Sign in with TrustedRouter — Let Your Users Bring Their Own AI
Add a sign-in button and your users bring their own TrustedRouter account — instant access to hundreds of models, billed to them, through an attested no-log gateway. Integrate in minutes with the Python, TypeScript, or Swift SDK.
Add a button. Your users bring their own AI.
“Sign in with TrustedRouter” is the “Sign in with Google” of AI. Add one button to your app. Your users authenticate with their TrustedRouter account and grant you a scoped key — and now your app can call hundreds of models on their credits, not yours.
You ship AI features with no API keys to manage, no inference bill, and no per-user billing to build. Every call runs through the open-source, hardware-attested gateway that provably never logs prompts.
import { BrowserOAuthFlow } from "@lore-hex/trusted-router/oauth";
// 1. sign-in button → open consent
const flow = new BrowserOAuthFlow(`${location.origin}/auth/callback`);
location.assign((await flow.initiate({ keyLabel: "My App" })).url);
// 2. /auth/callback → user-scoped key + who signed in
const { key, identity } = await flow.handleCallback();
// use `key` for /v1/chat/completions — billed to the userAdd the button
One import. Render “Sign in with TrustedRouter.” Python, TypeScript, and Swift SDKs — all PKCE, no client secret, works in SPAs, native, and CLIs.
Your user approves
They authenticate with TrustedRouter (Google, GitHub, or wallet) and approve a key scoped to your app — with an optional spend cap and expiry you request.
Use any AI, instantly
Use the returned key for /v1/chat/completions, /responses, or /embeddings across hundreds of models. Usage bills to your user’s credits.
Integrate in one prompt.
The SDKs and the whole API are agent-readable. Point Cursor, Claude Code, or Codex at the docs and let it wire the flow — most apps integrate in a single session, not a sprint.
The API is published as llms.txt and llms-full.txt so your agent has the full reference in its context.
Add "Sign in with TrustedRouter" to this app.
SDK: @lore-hex/trusted-router (npm) — use BrowserOAuthFlow.
Full API reference: https://api.trustedrouter.com/docs/llms-full.txt
On the OAuth callback, exchange the PKCE code for the
user-scoped key and call /v1/chat/completions with it.
Persist the key + identity.email per signed-in user.Zero keys, zero inference cost.
No provider API keys to vault or rotate. No inference bill — tokens bill to the signed-in user. No per-user metering or limits to build; scoped keys carry their own caps. Hundreds of models across every provider, behind one OpenAI-compatible API.
One account. Any model. Provable privacy.
One TrustedRouter account that works across every app they sign into. Their own credits and spend cap. Any model they want. And prompts that run through a hardware-attested gateway that never logs them — verifiable, not promised.
Drop it into any stack.
import { BrowserOAuthFlow } from "@lore-hex/trusted-router/oauth";
const flow = new BrowserOAuthFlow(`${location.origin}/auth/callback`);
location.assign((await flow.initiate({ keyLabel: "My App", limit: "5" })).url);
// /auth/callback:
const { key, user_id, identity } = await flow.handleCallback();from trustedrouter import create_oauth_authorization, exchange_oauth_key
auth = create_oauth_authorization(callback_url="https://myapp.com/auth/callback",
key_label="My App", limit="5", usage_limit_type="monthly")
redirect_to(auth.url) # keep auth.code_verifier in the session
# in /auth/callback (after verifying state):
token = exchange_oauth_key(code=request.args["code"], code_verifier=saved_verifier)
store_for_user(token.key, token.identity) # identity = {sub, email, ...}import TrustedRouter
let oauth = TrustedRouterOAuth()
let token = try await oauth.authenticate(
callbackURL: "myapp://auth/callback",
presentationContextProvider: self) // token.key, token.identityPKCE S256 on every platform — no client secret. Desktop and CLI apps use the loopback flow (http://localhost:3000/callback). Full reference: Sign in with TrustedRouter docs.