Vertex AI Integration
Route your Google Vertex AI (Gemini) traffic through Rivaro for runtime enforcement. GCP project/location URL structure, Bearer token authentication, and the Gemini content format.
SDK Configuration
Python
import google.auth
from google.auth.transport.requests import Request
import requests
credentials, project = google.auth.default()
credentials.refresh(Request())
RIVARO_BASE = "https://your-org.rivaro.ai"
PROJECT_ID = "my-gcp-project"
LOCATION = "us-central1"
MODEL = "gemini-pro"
url = (
f"{RIVARO_BASE}/v1/projects/{PROJECT_ID}/locations/{LOCATION}"
f"/publishers/google/models/{MODEL}:generateContent"
)
response = requests.post(
url,
headers={
"Authorization": f"Bearer {credentials.token}",
"Content-Type": "application/json",
"X-Detection-Key": "detect_live_your_key_here"
},
json={
"contents": [{
"role": "user",
"parts": [{"text": "Hello, world!"}]
}],
"generationConfig": {
"temperature": 0.7,
"maxOutputTokens": 1024
}
}
)
print(response.json()["candidates"][0]["content"]["parts"][0]["text"])
curl
curl "https://your-org.rivaro.ai/v1/projects/my-project/locations/us-central1/publishers/google/models/gemini-pro:generateContent" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "X-Detection-Key: detect_live_your_key_here" \
-d '{
"contents": [{
"role": "user",
"parts": [{"text": "Hello"}]
}]
}'
Supported Endpoints
| Endpoint | Method | Description |
|---|---|---|
/v1/projects/{project}/locations/{location}/publishers/google/models/{model}:generateContent | POST | Generate content |
/v1/projects/{project}/locations/{location}/publishers/google/models/{model}:streamGenerateContent | POST | Generate with streaming |
Request and response formats match the Vertex AI Gemini API exactly.
URL Structure
Vertex AI endpoints include your GCP project and location in the path:
/v1/projects/{projectId}/locations/{location}/publishers/google/models/{model}:generateContent
| Component | Example | Description |
|---|---|---|
projectId | my-gcp-project | Your GCP project ID |
location | us-central1 | GCP region |
model | gemini-pro | Model name |
Authentication
Vertex AI uses GCP Bearer tokens, not API keys:
Authorization: Bearer <gcp-access-token>
Generate a token using gcloud auth print-access-token or programmatically via the Google Auth library. Rivaro passes the Authorization header through to Vertex AI unchanged.
Required Headers
| Header | Required | Description |
|---|---|---|
X-Detection-Key | Yes | Your Rivaro detection key |
Authorization | Yes | Bearer <gcp-access-token> |
Content-Type | Yes | application/json |
Request Format
Vertex AI uses the Gemini content format with contents and parts:
{
"contents": [
{
"role": "user",
"parts": [{"text": "Explain quantum computing"}]
}
],
"generationConfig": {
"temperature": 0.7,
"maxOutputTokens": 2048,
"topP": 0.95,
"topK": 40
}
}
Response format
{
"candidates": [{
"content": {
"role": "model",
"parts": [{"text": "Quantum computing uses..."}]
},
"finishReason": "STOP"
}],
"usageMetadata": {
"promptTokenCount": 10,
"candidatesTokenCount": 85,
"totalTokenCount": 95
}
}
Streaming
Use streamGenerateContent for streaming responses:
curl "https://your-org.rivaro.ai/v1/projects/my-project/locations/us-central1/publishers/google/models/gemini-pro:streamGenerateContent" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "X-Detection-Key: detect_live_your_key_here" \
-d '{
"contents": [{"role": "user", "parts": [{"text": "Hello"}]}]
}'
Content chunks are forwarded in real time. Enforcement runs on the accumulated response after the stream completes (finishReason: "STOP" or finishReason: "MAX_TOKENS").
Function Calling
Vertex AI function calling works through the proxy. Function calls appear in response parts as functionCall objects:
{
"candidates": [{
"content": {
"parts": [{
"functionCall": {
"name": "get_weather",
"args": {"city": "London"}
}
}]
}
}]
}
Rivaro inspects these function call parts against detection rules.
AppContext Configuration
When creating an AppContext for Vertex AI, the configuration map supports:
| Key | Description |
|---|---|
projectId | GCP project ID |
location | GCP region (default: us-central1) |
model | Model name (default: gemini-pro) |
Next steps
- Error Handling — Handle Rivaro-specific errors
- Understanding Detections — What Rivaro scans for
- API Reference — Full endpoint reference