ContextQMD
Back to Apisix

ai-request-rewrite

docs/en/latest/plugins/ai-request-rewrite.md

3.16.08.6 KB
Original Source
<!-- # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # -->

Description

The ai-request-rewrite plugin intercepts client requests before they are forwarded to the upstream service. It sends a predefined prompt, along with the original request body, to a specified LLM service. The LLM processes the input and returns a modified request body, which is then used for the upstream request. This allows dynamic transformation of API requests based on AI-generated content.

Plugin Attributes

FieldRequiredTypeDescription
promptYesStringThe prompt send to LLM service.
providerYesStringName of the LLM service. Available options: openai, deekseek, azure-openai, aimlapi, anthropic, openrouter, gemini, vertex-ai, and openai-compatible. When aimlapi is selected, the plugin uses the OpenAI-compatible driver with a default endpoint of https://api.aimlapi.com/v1/chat/completions.
provider_confNoObjectConfiguration for the specific provider. Required when provider is set to vertex-ai and override is not configured.
provider_conf.project_idYesStringGoogle Cloud Project ID.
provider_conf.regionYesStringGoogle Cloud Region.
authYesObjectAuthentication configuration
auth.headerNoObjectAuthentication headers. Key must match pattern ^[a-zA-Z0-9._-]+$.
auth.queryNoObjectAuthentication query parameters. Key must match pattern ^[a-zA-Z0-9._-]+$.
auth.gcpNoObjectConfiguration for Google Cloud Platform (GCP) authentication.
auth.gcp.service_account_jsonNoStringContent of the GCP service account JSON file. This can also be configured by setting the GCP_SERVICE_ACCOUNT environment variable.
auth.gcp.max_ttlNoIntegerMaximum TTL (in seconds) for caching the GCP access token. Minimum: 1.
auth.gcp.expire_early_secsNoIntegerSeconds to expire the access token before its actual expiration time to avoid edge cases. Minimum: 0. Default: 60.
optionsNoObjectKey/value settings for the model
options.modelNoStringModel to execute. Examples: "gpt-3.5-turbo" for openai, "deepseek-chat" for deekseek, or "qwen-turbo" for openai-compatible or aimlapi services
override.endpointNoStringOverride the default endpoint when using OpenAI-compatible services (e.g., self-hosted models or third-party LLM services). When the provider is 'openai-compatible', the endpoint field is required.
timeoutNoIntegerTotal timeout in milliseconds for requests to LLM service, including connect, send, and read timeouts. Range: 1 - 60000. Default: 30000
keepaliveNoBooleanEnable keepalive for requests to LLM service. Default: true
keepalive_timeoutNoIntegerKeepalive timeout in milliseconds for requests to LLM service. Minimum: 1000. Default: 60000
keepalive_poolNoIntegerKeepalive pool size for requests to LLM service. Minimum: 1. Default: 30
ssl_verifyNoBooleanSSL verification for requests to LLM service. Default: true

How it works

Examples

The examples below demonstrate how you can configure ai-request-rewrite for different scenarios.

:::note

You can fetch the admin_key from config.yaml and save to an environment variable with the following command:

admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')

:::

Redact sensitive information

shell
curl "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT \
  -H "X-API-KEY: ${admin_key}" \
  -d '{
    "uri": "/anything",
    "plugins": {
      "ai-request-rewrite": {
        "prompt": "Given a JSON request body, identify and mask any sensitive information such as credit card numbers, social security numbers, and personal identification numbers (e.g., passport or driver'\''s license numbers). Replace detected sensitive values with a masked format (e.g., \"*** **** **** 1234\") for credit card numbers. Ensure the JSON structure remains unchanged.",
        "provider": "openai",
        "auth": {
          "header": {
            "Authorization": "Bearer <some-token>"
          }
        },
        "options": {
          "model": "gpt-4"
        }
      }
    },
    "upstream": {
      "type": "roundrobin",
      "nodes": {
        "httpbin.org:80": 1
      }
    }
  }'

Now send a request:

shell
curl "http://127.0.0.1:9080/anything" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email": "[email protected]",
    "credit_card": "4111 1111 1111 1111",
    "ssn": "123-45-6789",
    "address": "123 Main St"
  }'

The request body send to the LLM Service is as follows:

json
{
  "messages": [
     {
       "role": "system",
       "content": "Given a JSON request body, identify and mask any sensitive information such as credit card numbers, social security numbers, and personal identification numbers (e.g., passport or driver's license numbers). Replace detected sensitive values with a masked format (e.g., '*** **** **** 1234') for credit card numbers). Ensure the JSON structure remains unchanged."
     },
     {
       "role": "user",
       "content": "{\n\"name\":\"John Doe\",\n\"email\":\"[email protected]\",\n\"credit_card\":\"4111 1111 1111 1111\",\n\"ssn\":\"123-45-6789\",\n\"address\":\"123 Main St\"\n}"
     }
   ]
}

The LLM processes the input and returns a modified request body, which replace detected sensitive values with a masked format then used for the upstream request:

json
{
  "name": "John Doe",
  "email": "[email protected]",
  "credit_card": "**** **** **** 1111",
  "ssn": "***-**-6789",
  "address": "123 Main St"
}

Send request to an OpenAI compatible LLM

Create a route with the ai-request-rewrite plugin with provider set to openai-compatible and the endpoint of the model set to override.endpoint like so:

shell
curl "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT \
  -H "X-API-KEY: ${admin_key}" \
  -d '{
    "uri": "/anything",
    "plugins": {
      "ai-request-rewrite": {
        "prompt": "Given a JSON request body, identify and mask any sensitive information such as credit card numbers, social security numbers, and personal identification numbers (e.g., passport or driver'\''s license numbers). Replace detected sensitive values with a masked format (e.g., '*** **** **** 1234') for credit card numbers). Ensure the JSON structure remains unchanged.",
        "provider": "openai-compatible",
        "auth": {
          "header": {
            "Authorization": "Bearer <some-token>"
          }
        },
        "options": {
          "model": "qwen-plus",
          "max_tokens": 1024,
          "temperature": 1
        },
        "override": {
          "endpoint": "https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions"
        }
      }
    },
    "upstream": {
      "type": "roundrobin",
      "nodes": {
        "httpbin.org:80": 1
      }
    }
  }'