Secu sits between an agent and the outside world. Your agent uses a Secu key. Secu enforces policy, budgets, kill-switch, and approvals, then injects the real vendor secret server-side if allowed.
Production: https://api.secuplatform.com
Either header works:
Authorization: Bearer sk-secu-... x-secu-key: sk-secu-...
x-secu-action labels intent (examples: llm, payment, email). x-secu-cost is your USD estimate used for budgets (pre-flight).
Secu separates authorized cost (your x-secu-cost estimate) from settled cost (what Secu records after the vendor responds).
If the vendor returns an error (>= 400) or is unreachable, Secu settles cost to $0.00 and refunds the authorized amount back to the agent's daily budget.
If you configure a pricebook, Secu can compute cost from vendor token usage and settle it server-side.
{
"rules": [
{
"vendor_host": "api.openai.com",
"model_prefix": "gpt-4o-mini",
"input_usd_per_1k": 0.00015,
"output_usd_per_1k": 0.00060
}
]
}
For streaming responses (SSE), Secu falls back to x-secu-cost.
If a policy requires approval, Secu returns 403 with approval_required and an approval_id. Approve in the console, then retry with x-secu-approval-id.
curl -sS \\ -H 'Authorization: Bearer sk-secu-EXAMPLE' \\ -H 'x-secu-action: llm' \\ -H 'x-secu-cost: 0.25' \\ https://api.secuplatform.com/v1/chat/completions
OpenAPI: /openapi.yaml
Secu tracks vendor cost (cost_usd) separately from Secu's fee capture (fee_usd). If Stripe is configured on the control plane, you can attach a Stripe customer to an org and generate invoices for Secu fees.