[AI Gateway] Clarify Vertex AI authentication and BYOK usage#28600
[AI Gateway] Clarify Vertex AI authentication and BYOK usage#28600superhighfives wants to merge 13 commits intocloudflare:productionfrom
Conversation
- Add BYOK as recommended option with clear dashboard instructions - Clarify that region dropdown in UI eliminates need for manual JSON editing - Add cf-aig-authorization header to all examples for consistency - Add note about global endpoint limitations (recommend specific regions) - Add troubleshooting section for 401 UNAUTHENTICATED errors - Reorganize authentication options for clarity Addresses customer feedback about region configuration confusion and authentication errors when using AI Gateway with Google Vertex AI.
superhighfives
requested review from
a team,
abhishekkankani,
kathayl,
mchenco,
palashgo,
roerohan and
thebongy
as code owners
github-actions
bot
added
product:ai-gateway
github-actions
bot
assigned
abhishekkankani,
bfirsh,
kathayl,
mchenco,
palashgo,
roerohan,
thebongy and
zeke
- Add comparison table showing headers needed for each auth method - Add caution callout about cf-aig-authorization vs Authorization headers - Expand troubleshooting to cover alias checking and URL path verification - Show explicit base64 encoding in non-BYOK examples - Replace ambiguous placeholders with concrete code examples
There was a problem hiding this comment.
Pull request overview
This PR enhances the Google Vertex AI documentation in response to customer feedback from Ploy.ai about confusion when setting up AI Gateway with Vertex AI. The changes clarify authentication methods, emphasize BYOK as the recommended approach, and add troubleshooting guidance.
Changes:
- Restructured authentication documentation to recommend BYOK (Bring Your Own Keys) as Option 1, with clear step-by-step instructions
- Clarified region configuration: when using BYOK, region is selected via UI dropdown; when passing credentials in headers, the
regionkey must be added to the JSON - Added
cf-aig-authorizationheader to all code examples for consistency with other provider documentation - Added warning about using specific regional endpoints instead of
globalendpoint - Added troubleshooting section for 401 UNAUTHENTICATED errors
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Use template literal with lowercase placeholder to match other provider docs.
Explicitly state that users do not need to manually add a region field to their service account JSON when using the dashboard - AI Gateway handles this automatically based on the dropdown selection.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 6 comments.
Comments suppressed due to low confidence (1)
src/content/docs/ai-gateway/usage/providers/vertex.mdx:143
- The Vertex AI
generateContentREST API expectscontentsto be an array of content objects (for example,"contents": [{...}]). This example uses"contents": { ... }, which will fail if copied verbatim; update the request body to use an array.
-d '{
"contents": {
"role": "user",
"parts": [
{
"text": "Tell me more about Cloudflare"
}
]
}
}'
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
The Vertex AI generateContent API expects 'contents' to be an array, not a single object. Fixed examples that incorrectly used object format.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Use google-vertex-ai/google/gemini-2.5-flash to match other unified endpoint examples which include the /google/ publisher prefix.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Great, this should be good for review! 👍 |
zeke
left a comment
zeke
left a comment
There was a problem hiding this comment.
Not an expert, but looks good at a cursory glance. 👍🏼
Move generic troubleshooting content to a dedicated page at /ai-gateway/reference/troubleshooting/. Keep provider-specific content on Vertex and DLP pages with cross-links.
superhighfives
force-pushed
the
docs/ai-gateway-vertex-auth-clarification
branch
from
a1d9d0f to
ed2dd81
Compare
|
Great, made those updates. cc @ethulia. 👍 |
|
|
||
| For provider-specific authentication issues: | ||
|
|
||
| - [Google Vertex AI troubleshooting](/ai-gateway/usage/providers/vertex/#troubleshooting) |
There was a problem hiding this comment.
this link to the vertex page troubleshooting section which then links back here.
There was a problem hiding this comment.
I don't mind them linking between one another, but maybe I can phrase it differently?
On Vertex, it has:
For general AI Gateway troubleshooting, refer to Troubleshooting.
On troubleshooting, it has:
For provider-specific authentication issues:
There was a problem hiding this comment.
Just following up on this one, @ethulia.
There was a problem hiding this comment.
@superhighfives sorry this was my bad, didn't realize there was more to the troubleshooting sections on these pages. will approve.
Summary
Addresses customer feedback from Ploy.ai about confusion when setting up AI Gateway with Google Vertex AI.
Changes
regionkey in JSON is only needed when passing credentials directly in the Authorization headercf-aig-authorizationheader to all examples for consistency with other provider docsus-central1) instead ofglobal, which has limited model supportCustomer Feedback Summary
regionkey to service account JSON, but UI now has a region dropdown - unclear which to uselocations/globalendpoint resulted in 401 errorscf-aig-authorizationheaderTesting
npm run checkpasses (pre-existing unrelated error)