Azure OpenAI Integration
Route your Azure OpenAI Service traffic through Rivaro for runtime enforcement. Deployment-based URL structure, authentication, and Azure-specific configuration.
SDK Configuration
Python
from openai import AzureOpenAI
client = AzureOpenAI(
api_key="your-azure-api-key",
api_version="2024-02-15-preview",
azure_endpoint="https://your-org.rivaro.ai",
default_headers={
"X-Detection-Key": "detect_live_your_key_here"
}
)
Node.js
import OpenAI from 'openai';
const client = new OpenAI({
apiKey: 'your-azure-api-key',
baseURL: 'https://your-org.rivaro.ai/openai/deployments/your-deployment-name',
defaultHeaders: {
'X-Detection-Key': 'detect_live_your_key_here',
'api-key': 'your-azure-api-key'
},
defaultQuery: {
'api-version': '2024-02-15-preview'
}
});
curl
curl "https://your-org.rivaro.ai/openai/deployments/gpt-4/chat/completions?api-version=2024-02-15-preview" \
-H "Content-Type: application/json" \
-H "api-key: your-azure-api-key" \
-H "X-Detection-Key: detect_live_your_key_here" \
-d '{
"messages": [{"role": "user", "content": "Hello"}]
}'
Supported Endpoints
| Endpoint | Method | Description |
|---|---|---|
/openai/deployments/{deploymentId}/chat/completions | POST | Chat completions |
/openai/deployments/{deploymentId}/completions | POST | Text completions (legacy) |
/openai/models | GET | List models |
Request and response formats match the Azure OpenAI REST API exactly.
Key Differences from OpenAI
No model field in request body
Azure OpenAI uses the deployment name in the URL path instead of a model field in the request body. The deployment determines which model is used.
# OpenAI: model in body
POST /v1/chat/completions
{"model": "gpt-4", "messages": [...]}
# Azure: model determined by deployment in URL
POST /openai/deployments/my-gpt4-deployment/chat/completions
{"messages": [...]}
api-version query parameter
Include the api-version query parameter in your requests. Rivaro passes it through to Azure unchanged.
/openai/deployments/gpt-4/chat/completions?api-version=2024-02-15-preview
Authentication header
Azure uses api-key instead of Authorization: Bearer:
| Header | Description |
|---|---|
api-key | Your Azure OpenAI API key (primary) |
x-api-key | Accepted as fallback (converted to api-key) |
Required Headers
| Header | Required | Description |
|---|---|---|
X-Detection-Key | Yes | Your Rivaro detection key |
api-key | Yes | Your Azure OpenAI API key |
Content-Type | Yes | application/json |
Streaming
Streaming works the same as with OpenAI. Set "stream": true in the request body. Content chunks are forwarded in real time; enforcement runs on the accumulated response after the stream completes.
Blocked Requests
Blocked responses match the OpenAI format:
{
"choices": [{
"message": {
"role": "assistant",
"content": "Content blocked due to policy violations"
},
"finish_reason": "content_filter"
}]
}
AppContext Configuration
When creating an AppContext for Azure OpenAI, the configuration map supports:
| Key | Description |
|---|---|
azureResourceName | Your Azure OpenAI resource name |
azureDeploymentName | Default deployment name |
Next steps
- Error Handling — Handle Rivaro-specific errors
- Understanding Detections — What Rivaro scans for
- API Reference — Full endpoint reference