Use AI in your self-hosted Arcellite server without ever storing API keys on your machine. Your server talks to Arcellite's cloud proxy, which forwards requests to the AI provider using Arcellite's keys — metered against your monthly plan quota.
Normally, to use AI in your self-hosted Arcellite server you would paste provider API keys (OpenAI, Anthropic, etc.) directly into your server's environment. Those keys sit on your machine, and if it's ever compromised, the keys are too.
Inside Out flips this model. Your Arcellite server sends AI requests to https://arcellite.com/api/ai/proxy together with your license token. Arcellite validates your license, deducts from your monthly token allowance, and forwards the request to the AI provider — using keys that only ever exist on Arcellite's server.
| | Traditional (BYO keys) | Inside Out (proxy) |
|---|---|---|
| Where are API keys? | On your server (.env) | On Arcellite's server only |
| Key exposure risk | If server is breached, keys leak | Zero — keys never touch your machine |
| Provider billing | Billed directly by provider | Included in your Arcellite plan |
| Setup effort | Create accounts per provider, manage keys | Paste your license token once |
| Usage visibility | Check each provider dashboard | Single /api/ai/proxy?license_token= call |
| Token budget | Unlimited (you pay) | Monthly quota by plan (startup / growth / enterprise) |
The full request lifecycle, step by step:

1. Arcellite's AI assistant builds the standard chat payload, adds your `license_token` and the target `provider` name, then POSTs to `https://arcellite.com/api/ai/proxy`.
2. Arcellite's proxy validates your license token against Firestore, looks up your plan, and checks how many tokens you've used this calendar month.
3. The proxy strips the `license_token` and `provider` fields, injects the real API key from its own environment, and forwards the cleaned payload to the provider (OpenAI, Anthropic, DeepSeek, or Groq).
4. Token counts from the provider response are recorded in Firestore under your license token and the current month; this is what the quota check in step 2 reads next time.
5. Your server receives the full provider response plus an `_arcellite` block showing how many tokens this request used, the running monthly total, your limit, and your remaining balance.
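The key-handling part of steps 2 and 3 can be sketched as follows. This is a hypothetical illustration inferred from the description above, not Arcellite's actual code; the function and parameter names are ours.

```javascript
// Hypothetical sketch of the proxy's handling of an incoming request:
// strip the proxy-only fields, then inject the real provider key, which
// lives only in the proxy's own environment.
function prepareUpstreamPayload(body, providerKeys) {
  const { license_token, provider, ...payload } = body // proxy-only fields removed
  if (!license_token) throw new Error("400: missing license_token")
  const apiKey = providerKeys[provider] // never present on your server
  if (!apiKey) throw new Error("503: provider not configured")
  return { payload, apiKey }
}
```

The forwarded `payload` is exactly what you sent, minus the two Arcellite-specific fields, so arbitrary provider parameters survive untouched.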
Request flow: your license token travels to the Arcellite proxy; API keys never reach your server.
These are the AI providers available through the Inside Out proxy: `provider: "openai"`, `provider: "anthropic"`, `provider: "deepseek"`, and `provider: "groq"`. Set the `model` field to whatever the provider accepts; if the provider rejects an unknown model, the proxy returns the provider's error verbatim with the original HTTP status code.

Monthly limits reset on the 1st of every calendar month (UTC).
| Plan | Monthly quota |
|---|---|
| Startup | 500,000 tokens |
| Growth | 2,000,000 tokens |
| Enterprise | 10,000,000 tokens |
Token counts follow each provider's definition (`total_tokens` for OpenAI-compatible providers, `input_tokens + output_tokens` for Anthropic). The proxy records and charges exactly what the provider reports.
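The two counting conventions above can be captured in a few lines. This helper is ours, for illustration only; the proxy does the equivalent bookkeeping server-side.

```javascript
// Derive the charged token count from a provider's usage object,
// per the definitions above (helper name is ours, not Arcellite's).
function chargedTokens(provider, usage) {
  if (provider === "anthropic") {
    // Anthropic reports input and output separately
    return usage.input_tokens + usage.output_tokens
  }
  // OpenAI-compatible providers (openai, deepseek, groq) report a total
  return usage.total_tokens
}
```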
How to point your self-hosted Arcellite server to the Inside Out proxy.
In your Arcellite server's environment file, set the proxy URL and your license token. Leave all provider API key fields blank — they are not needed when using Inside Out.
```shell
# ── Inside Out: proxy mode ─────────────────────────────────
AI_PROXY_URL=https://arcellite.com/api/ai/proxy
ARCELLITE_LICENSE_TOKEN=arc_live_xxxxxxxxxxxxxxxxxxxx

# Leave ALL provider keys empty when using the proxy:
# AI_KEY_OPENAI=
# AI_KEY_ANTHROPIC=
# DEEPSEEK_API_KEY=
# AI_KEY_GROQ=
```

License tokens start with `arc_live_`. That's it: Arcellite's AI assistant automatically detects `AI_PROXY_URL` and routes all requests through the proxy instead of calling providers directly.
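As a sketch of how a server might choose between a direct provider key and the proxy (hypothetical helper; per-provider environment variable names vary, as the block above shows, and Arcellite's actual detection logic may differ): a per-provider key, if present, wins over the proxy.

```javascript
// Illustrative routing rule: direct key takes precedence, then proxy,
// otherwise AI is unconfigured for that provider.
function resolveRoute(provider, env) {
  const directKey = env[`AI_KEY_${provider.toUpperCase()}`]
  if (directKey) return { mode: "direct", key: directKey }
  if (env.AI_PROXY_URL) return { mode: "proxy", url: env.AI_PROXY_URL }
  return { mode: "unconfigured" }
}
```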
If `AI_PROXY_URL` is set, the proxy is used. If a per-provider key is also present, the direct key takes precedence for that provider. Remove provider keys entirely to force all traffic through the proxy.

Query your current month's token consumption at any time.
```shell
curl "https://arcellite.com/api/ai/proxy?license_token=arc_live_xxxx"
```

```json
{
  "ok": true,
  "plan": "growth",
  "month": "2026-03",
  "tokens_used": 124532,
  "tokens_limit": 2000000,
  "tokens_remaining": 1875468
}
```

The `month` field uses `YYYY-MM` format (UTC). Quotas reset at 00:00 UTC on the 1st of each month.
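To act on this response programmatically, for example to pause batch jobs when the quota runs low, a small guard might look like this. The helper name and the 10% threshold are our own, not part of the API.

```javascript
// Decide whether to keep sending AI requests based on the usage
// response shape shown above. The low-water mark is an arbitrary example.
function quotaHeadroom(usage, lowWaterMark = 0.1) {
  const fraction = usage.tokens_remaining / usage.tokens_limit
  return { fraction, low: fraction < lowWaterMark }
}
```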
Full specification of the Inside Out proxy endpoint.
`POST https://arcellite.com/api/ai/proxy`

Send an AI request through the proxy. The proxy validates your license, checks quota, and forwards to the provider.
| Field | Type | Required | Description |
|---|---|---|---|
| license_token | string | Yes | Your Arcellite license token (arc_live_…) |
| provider | string | Yes | One of "openai", "anthropic", "deepseek", "groq" |
| model | string | Yes | Provider model name, e.g. "gpt-4o" or "claude-sonnet-4-5" |
| messages | array | Yes | Standard chat messages array: [{role, content}, …] |
| max_tokens | number | No | Maximum tokens in the response |
| temperature | number | No | Sampling temperature (0–2) |
| system | string | No | System prompt (Anthropic only — top-level field) |
| … | any | No | Any other provider-specific parameters are passed through unchanged |
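Putting the field table together, a client-side body builder could look like this. The validation is a convenience sketch of our own; the proxy performs its own checks server-side.

```javascript
// Assemble a proxy request body matching the field table above.
const PROVIDERS = ["openai", "anthropic", "deepseek", "groq"]

function buildProxyBody({ licenseToken, provider, model, messages, ...extra }) {
  if (!licenseToken) throw new Error("license_token is required")
  if (!PROVIDERS.includes(provider)) throw new Error(`unknown provider: ${provider}`)
  if (!model || !Array.isArray(messages)) throw new Error("model and messages are required")
  // Optional and provider-specific parameters (max_tokens, temperature,
  // system, …) pass through unchanged.
  return { license_token: licenseToken, provider, model, messages, ...extra }
}
```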
The proxy returns the full, unmodified provider response body, plus an _arcellite metadata object appended at the top level.
```jsonc
{
  // ── Full provider response (OpenAI example) ──────────────
  "id": "chatcmpl-abc123",
  "object": "chat.completion",
  "choices": [
    {
      "index": 0,
      "message": { "role": "assistant", "content": "Hello!" },
      "finish_reason": "stop"
    }
  ],
  "usage": { "prompt_tokens": 12, "completion_tokens": 5, "total_tokens": 17 },

  // ── Arcellite metadata (appended by proxy) ────────────────
  "_arcellite": {
    "tokens_used_this_request": 17,
    "tokens_used_this_month": 124549,
    "tokens_limit": 2000000,
    "tokens_remaining": 1875451
  }
}
```

| Status | Meaning |
|---|---|
| 400 | Missing or invalid `license_token` / `provider` field |
| 401 | License token not found or not active |
| 403 | Your plan does not include AI token access |
| 429 | Monthly token quota exhausted; resets on the 1st |
| 503 | The requested provider is not configured on Arcellite's proxy |
| 4xx / 5xx | Provider returned an error, passed through verbatim |
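One way a client could react to these status codes is a small classifier; the category names below are ours, the codes come from the table above.

```javascript
// Map a proxy HTTP status to a client-side action category.
function classifyProxyError(status) {
  if (status === 400) return "bad-request"                       // fix the payload
  if (status === 401 || status === 403) return "license-problem" // check token / plan
  if (status === 429) return "quota-exhausted"                   // wait for monthly reset
  if (status === 503) return "provider-unavailable"              // try another provider
  return "upstream-error"                                        // provider error, passed through
}
```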
Drop-in snippets for common use cases.

OpenAI chat completion (JavaScript):

```javascript
const res = await fetch("https://arcellite.com/api/ai/proxy", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    license_token: process.env.ARCELLITE_LICENSE_TOKEN,
    provider: "openai",
    model: "gpt-4o-mini",
    messages: [
      { role: "user", content: "Summarise this file in 3 bullet points." },
    ],
    max_tokens: 512,
  }),
})
const data = await res.json()
console.log(data.choices[0].message.content)
console.log("Tokens remaining:", data._arcellite.tokens_remaining)
```

Anthropic chat completion (JavaScript):

```javascript
const res = await fetch("https://arcellite.com/api/ai/proxy", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    license_token: process.env.ARCELLITE_LICENSE_TOKEN,
    provider: "anthropic",
    model: "claude-sonnet-4-5",
    system: "You are a helpful assistant.", // top-level for Anthropic
    messages: [
      { role: "user", content: "What is self-hosting?" },
    ],
    max_tokens: 1024,
  }),
})
const data = await res.json()
// Anthropic response shape
console.log(data.content[0].text)
```

Usage check (Python):

```python
import os, requests

r = requests.get(
    "https://arcellite.com/api/ai/proxy",
    params={"license_token": os.environ["ARCELLITE_LICENSE_TOKEN"]},
)
usage = r.json()
print(f"Used {usage['tokens_used']:,} / {usage['tokens_limit']:,} tokens this month")
print(f"Remaining: {usage['tokens_remaining']:,}")
```

Quick smoke test (curl):

```shell
curl -X POST https://arcellite.com/api/ai/proxy \
  -H "Content-Type: application/json" \
  -d '{
    "license_token": "arc_live_xxxxxxxxxxxxxxxxxxxx",
    "provider": "groq",
    "model": "llama-3.3-70b-versatile",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'
```

How Inside Out protects your infrastructure.
AI provider API keys are stored as environment variables on Arcellite's server only. They are injected at request time and never returned in any response.
Every proxied request is validated against your license token. Expired, revoked, or invalid tokens are rejected before any upstream call is made.
Monthly limits are enforced server-side before the upstream call. Even if your self-hosted server is compromised, the attacker is capped by your plan quota.
Contact Arcellite support immediately to revoke and reissue your token. A compromised license token can only spend tokens up to your monthly plan limit.
Keep your license token in a server-side environment variable (`ARCELLITE_LICENSE_TOKEN`). Never hardcode it in source files or expose it to client-side JavaScript.

Get a plan, set two environment variables, and your Arcellite server is AI-powered, with zero API keys on your machine.