Providers

A provider is an upstream LLM service that NetBird routes requests to. Connecting one stores its API key server-side and exposes it through your keyless, tunnel-only agent network endpoint, so agents never hold a provider key.

agent network providers list

Supported Providers

When you connect a provider, the picker groups the catalog into first-party AI Providers, multi-provider AI Gateways, and a Custom catch-all.

AI Providers

First-party vendor APIs:

OpenAI
Anthropic
Azure OpenAI
AWS Bedrock
Google Vertex AI
Mistral

AI Gateways

Routing and aggregation layers that sit in front of multiple providers. NetBird can also forward the calling agent's identity to these so the gateway can apply its own attribution and budgets (see How It Works):

LiteLLM Proxy
Portkey AI Gateway
Bifrost
Cloudflare AI Gateway
Vercel AI Gateway
OpenRouter

Custom

Custom / Self-hosted — any OpenAI-compatible endpoint, including local models served by Ollama, vLLM, or a private GPU host.

Connect a Provider

Go to Agent Network → Providers and click Connect Provider.
Select the provider or gateway. NetBird pre-fills the upstream URL and the correct auth header for that vendor.
Paste the provider's API key. It is stored encrypted server-side and never sent to callers.
(Optional) Restrict the allowed models and set per-model pricing used for cost estimates in usage and logs.
(Optional, gateways) Fill any gateway-specific fields (for example a Portkey config ID) and the identity headers used for attribution.
Save the provider.

agent network connect provider modal

Models and Pricing

Each provider carries a list of models it serves. Leaving the list empty makes the provider a catch-all that accepts any model (typical for gateways); listing specific models restricts routing to them. Per-model input/output prices drive the cost figures shown in Usage & Logs; adjust them if your negotiated rates differ from the catalog defaults.

The Keyless Endpoint

All connected providers share a single account endpoint, generated when you connect your first provider and reachable only over the NetBird overlay.

agent network endpoint on the Providers page

Agents send normal provider requests to the endpoint without an API key; which identities may reach which providers is governed by Policies.

Install NetBird

Platforms

Policies

Usage & Logs

Integrations

Peers

Access Control

Networks

Routes

Reverse Proxy

DNS

Team

Activity

Settings

Integrations

Public API

For Partners

Cloud Marketplaces

Maintenance

Observability

Authentication

Troubleshooting

Migration Guides

Settings

Remote Access

Homelab

Cloud

Security