Bring Your Own Keys (BYOK) - Anchor Browser Docs

Bring Your Own Keys (BYOK) lets you connect your own LLM provider - OpenAI, Anthropic, Google, Azure, or any OpenAI-compatible endpoint - to power Anchor’s AI browser automations. You store your provider keys on a project, then opt in per request by referencing a key. When you don’t reference a key, Anchor uses its default model as usual. Why use BYOK?

Model choice - pick the provider that works best for each task
Data privacy - LLM requests go directly to your provider, not through Anchor’s inference layer
Rate limits - manage your own provider rate limits

How it works

You can store one or more keys per project. Each key has a key name (a short slug you choose, e.g. my-anthropic-key) so you can keep several keys - even for the same provider - side by side.
BYOK is opt-in per request. A session or web task uses one of your keys only when it explicitly passes that key’s name. Otherwise it uses Anchor’s default model.
Your key isn’t tied to a single model. The model is chosen per request (you can pass a model name), and if you don’t pass one, the provider’s default for that agent is used.
Your keys are encrypted at rest and never returned by the API - only a reference to them is stored.

BYOK currently supports perform-web-task and sessions - not Tasks. If you need BYOK for Tasks, contact support.

Supported providers

Provider	API value	Example models
OpenAI	`openai`	gpt-4o, gpt-5.4, o3
Anthropic	`anthropic`	claude-sonnet-4-6, claude-opus-4-7
Google (AI Studio)	`google`	gemini-2.5-pro, gemini-2.5-flash
Google Vertex AI	`vertex`	gemini-2.5-pro, gemini-2.5-flash
Azure OpenAI	`azure`	Any deployed Azure OpenAI model
Custom / OpenAI-compatible	`custom`	Any endpoint that follows the OpenAI chat completions API

Azure and custom endpoints require a base URL. Vertex AI uses a service-account JSON (not an API key) and an optional region.

Setup (Dashboard)

Open BYOK in Project Settings

In the Dashboard, go to Project Settings and scroll to the BYOK section (below Members).

Add a key

Click Add Key
Select your provider
Give the key a key name (e.g. my-anthropic-key) - this is how you’ll reference it later
Paste your API key (or service-account JSON for Vertex)
For Azure or custom endpoints, enter the base URL; for Vertex, optionally set a region
Click Verify & Save - Anchor makes a quick live test call to confirm the credential works before storing it

Add more keys (optional)

Repeat for any other providers or keys you want available in this project. They’ll appear in a table, sorted by provider.

Using BYOK

Reference a key by its key name (key_slug) on the request. This works in two places:

On a session

Pass key_slug when creating a session. Every action in that session then uses your key:

POST /v1/sessions
{
  "key_slug": "my-anthropic-key"
}

Optional fields:

provider - a safety check; if set, it must match the stored provider for that key (guards against typos).
model - a specific model name to use; omit it to use the provider’s default.

POST /v1/sessions
{
  "key_slug": "my-anthropic-key",
  "provider": "anthropic",
  "model": "claude-sonnet-4-6"
}

On a web task

Pass key_slug to perform-web-task. If you don’t pass a sessionId, Anchor creates a session on the fly using your key. If you pass an existing sessionId, the key applies just to that task - it doesn’t change the session’s saved model.

POST /v1/tools/perform-web-task
{
  "prompt": "Find the price of the product on this page",
  "key_slug": "my-openai-key"
}

No key_slug = Anchor default. Leave key_slug out and the request uses Anchor’s default model.

Registering keys via the REST API

You can also manage keys without the Dashboard. When creating a project - include a model object:

POST /v1/projects
{
  "name": "My project",
  "model": {
    "provider": "openai",
    "key_slug": "my-openai-key",
    "credentials": "sk-...",
    "base_url": null
  }
}

Adding or updating a key on an existing project:

PUT /v1/projects/{projectId}/byom
{
  "model": {
    "provider": "anthropic",
    "key_slug": "my-anthropic-key",
    "credentials": "sk-ant-..."
  }
}

In both cases Anchor verifies the credential with a live test call before saving. base_url is required for azure and custom; for vertex, put the service-account JSON in credentials and optionally add location.

FAQs

Do I have to use my key on every request?

No. BYOK is opt-in: a request uses your key only when it includes key_slug. Anything without it uses Anchor’s default model.

Does BYOK work with Tasks?

Not currently. BYOK applies to sessions and perform-web-task only. If you need BYOK for Tasks, contact support.

Can I keep several keys in one project?

Yes. Each key has its own key name, and you can store several — even for the same provider. You pick which one to use per request.

Which model does my key use?

The one you pass as model on the request. If you don’t pass a model, the provider’s default for that agent is used. Make sure your key has access to whichever model ends up being used — for example, computer-use agents need a computer-use-capable model.

Does BYOK affect pricing?

With BYOK, LLM requests go directly to your provider, so you pay your provider for token usage. Anchor’s standard browser usage charges still apply.

Is my API key stored securely?

Yes. Keys are encrypted at rest and never returned by the API — only a reference is stored. You re-enter the key whenever you change a configuration.

​How it works

​Supported providers

​Setup (Dashboard)

​Using BYOK

​On a session

​On a web task

​Registering keys via the REST API

​FAQs

How it works

Supported providers

Setup (Dashboard)

Using BYOK

On a session

On a web task

Registering keys via the REST API

FAQs