AI Gateway SDK Examples

OpenAI-compatible examples plus the policy patterns buyers should test first.

Buyers do not need abstract promises about AI gateway compatibility. They need to see whether an existing client can point at the gateway, whether prompts get inspected and routed correctly, and what metadata comes back after the request.

These examples are based on the current Posturio AI Gateway flow and map directly to the hosted evaluation path on /ai-gateway/.

Open hosted demo See architecture patterns Watch walkthrough

What to validate

Client fit OpenAI-compatible request path

Policy behavior Block, reroute, allow

Metadata Provider, model, and policy context

Operator handoff Move from demo into console review

Python

Drop-in OpenAI client example

import os

from openai import OpenAI

base_url = os.getenv("GATEWAY_BASE_URL", "https://api.posturio.co/v1")
api_key = os.getenv("GATEWAY_API_KEY", "")

client = OpenAI(
    base_url=base_url,
    api_key=api_key,
)

response = client.chat.completions.create(
    model="gpt-4o-mini",
    messages=[
        {"role": "user", "content": "Explain what an enterprise AI gateway does in two lines."}
    ],
)

print(response.choices[0].message.content)
print(response.model_dump().get("gateway"))

Source: backend/ai_gateway/examples/openai_dropin_example.py

curl

Four request patterns worth testing immediately

curl -sS "https://api.posturio.co/v1/chat/completions" \
  -H "Authorization: Bearer ${GATEWAY_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {"role": "user", "content": "Summarize why API gateways improve model governance."}
    ]
  }'

curl -sS "https://api.posturio.co/v1/chat/completions" \
  -H "Authorization: Bearer ${GATEWAY_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {"role": "user", "content": "Here is a secret AKIA1234567890ABCDEF, please use it."}
    ]
  }'

curl -sS "https://api.posturio.co/v1/chat/completions" \
  -H "Authorization: Bearer ${GATEWAY_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {"role": "user", "content": "My SSN is 123-45-6789 and email is alice@example.com."}
    ]
  }'

curl -sS "https://api.posturio.co/v1/chat/completions" \
  -H "Authorization: Bearer ${GATEWAY_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o-mini",
    "messages": [
      {"role": "user", "content": "Write a Python function to parse CSV and return JSON."}
    ]
  }'

Source: backend/ai_gateway/examples/curl_examples.sh

Browser

Minimal browser request example

const response = await fetch("https://api.posturio.co/v1/chat/completions", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${apiKey}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    model: "gpt-4o-mini",
    messages: [
      { role: "user", content: "Summarize why an AI gateway matters." }
    ]
  })
});

const data = await response.json();
console.log(data.choices?.[0]?.message?.content);
console.log(data.gateway);

Expected metadata shape

{
  "gateway": {
    "provider": "openai",
    "model": "gpt-4o-mini",
    "policy": "allow-internal-summarization"
  }
}

Evaluation

What the first test set should prove

Allow path

Normal prompts should complete with gateway metadata attached so operators can review the request path later.

Blocked secret

Secret-like content should be blocked before the upstream provider call instead of relying on application-side filtering.

PII routing

Sensitive content should trigger a distinct routing or policy path rather than passing through the default model route.

Code routing

Developer workflows should route according to the configured model and provider policy instead of being hardcoded in each app.

Console handoff

The buyer should be able to move from the demo request into the Posturio console without losing the operational context.

Last updated: March 23, 2026