Availability boundary
This page documents the reviewed Gateway interface for deployment-scoped
pilots and private-alpha environments. It does not announce a public
production endpoint, self-service API keys, or general availability. Do
not send requests to api.tensor.cx or any example hostname unless
an approved deployment explicitly provides that base URL.
Base URL and authentication
Every request uses the installation-specific HTTPS base URL and a scoped, revocable Tensor Cortex service-account key. The key resolves one application and its allowed logical profiles before the Gateway reads product data or calls a provider.
TC_API_BASE_URL=https://ai.company.example
TC_API_KEY=<deployment-issued-scoped-key> Example-domain rule: ai.company.example is reserved for documentation. It is not a Tensor
Cortex service and will not execute the request.
Endpoints
| Method | Path | Contract |
|---|---|---|
GET | /v1/models | Lists only logical profiles authorized for the authenticated caller. |
POST | /v1/chat/completions | Executes non-streaming JSON or SSE streaming chat through one authorized logical profile. |
Chat-completions request
The model field is a logical Tensor Cortex profile such as
automatic, private, or coding. It is
not a physical provider model ID. Physical provider, deployment, and
credential selection remain behind the policy and routing boundary.
curl "$TC_API_BASE_URL/v1/chat/completions" \
-H "Authorization: Bearer $TC_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "automatic",
"messages": [
{"role": "user", "content": "Summarize this incident."}
],
"stream": false
}' Request fields
| Field | Required | Boundary |
|---|---|---|
model | Yes | Authorized logical profile; 1–64 lowercase letters, numbers, dots, underscores, or hyphens. |
messages | Yes | At least one system, developer, user, assistant, or tool message within deployment limits. |
stream | No | Defaults to false; true returns SSE when policy
permits streaming. |
stream_options.include_usage | No | Requests an optional final usage chunk for a stream. |
tools and tool_choice | No | Supports function-tool definitions and normalized tool-call messages within the published adapter contract. |
n | No | Only 1 is accepted; the current contract returns one canonical
choice. |
store | No | When present, must be false; a caller cannot enable
provider-side storage. |
Unknown fields and unsupported values fail before provider execution. A caller may provide trusted metadata headers only when its key has the corresponding scope; caller-supplied application, data-class, request-group, or end-user values never grant authorization or weaken policy.
Response contract
A successful non-streaming response uses the OpenAI-compatible
chat-completion envelope. The returned model remains the logical
profile; the physical provider and deployment are not exposed on this surface.
{
"id": "chatcmpl_tc_example",
"object": "chat.completion",
"created": 1784246400,
"model": "automatic",
"choices": [
{
"index": 0,
"message": {"role": "assistant", "content": "..."},
"finish_reason": "stop"
}
]
} Response metadata
| Header | Meaning |
|---|---|
X-TC-Request-ID | Safe request identifier for support and audit correlation. |
X-TC-Profile | Logical profile used for the request. |
X-TC-Route-Class | Simplified security boundary such as private, approved_cloud, or restricted. |
X-TC-Fallback | Whether a compliant fallback was selected before client-visible streaming began. |
RateLimit-* | The most restrictive applicable request limit, remaining count, and reset interval. |
Safe error behavior
| Status | Meaning |
|---|---|
400 | Invalid request shape or parameter. |
401 | Missing, invalid, expired, or revoked service-account key. |
403 | Policy denied the request or no compliant deployment is allowed. |
404 | The logical profile is unknown, disabled, or not visible to the caller. |
413 | Request body, context, or configured input limit exceeded. |
422 | Capability or token requirements cannot be satisfied. |
429 | An applicable user, team, application, or service-account limit was exceeded. |
503 | No valid publication, compliant deployment, or required fail-closed dependency is available. |
504 | No compliant provider completed within the allowed timeout budget. |
Error bodies use an OpenAI-compatible error envelope and carry the
same request ID. Safe messages exclude prompt content, provider response bodies,
credentials, candidate names, and physical model identity.
Compatibility limits
-
The committed contract covers
GET /v1/modelsandPOST /v1/chat/completions; it is not a claim of full OpenAI API endpoint or extension parity. - Text chat, streaming, function tools, tool calls, normalized finish reasons, and optional streaming usage are in scope. Provider-specific extensions and uncommon multimodal parts require explicit compatibility evidence.
- Fallback is permitted only inside the same policy-approved candidate set and never after the first client-visible streaming event.
-
When effective policy requires durable audit before delivery or encrypted
content capture, streaming fails before provider execution and the client
must retry with
stream=false. The safe error code isstreaming_requires_durable_audit. - Gateway responses are not cached. A repeated request performs a new policy, route, and provider execution.
Privacy and execution boundary
Gateway prompts and responses are not durably stored by default and are not response-cached. Metadata-only audit records identity and resource references, profile and policy versions, data class, route and fallback decisions, token counts, latency, health, and estimated cost—not prompt or response bodies.
An approved deployment controls provider credentials and egress. Prompt content is sent only after authentication, classification, policy enforcement, and route approval. Provider terms, retention, training, region, and subprocessor status remain deployment-specific facts; a provider brand alone does not establish them.
Need an installation-specific base URL?
Discuss the exact deployment, identity, provider, and compatibility boundary in a reviewed pilot.