# AI API Gateway Deployment Checklist

Use this before buying, deploying, or handing off an AI API gateway.

## 1. Account And Key Boundary

- [ ] The user owns the Cloudflare account or target platform account.
- [ ] The user owns the upstream API key.
- [ ] The gateway does not expose upstream keys to browsers, screenshots, logs, or public repos.
- [ ] No one is reselling an account pool, shared key, balance, recharge service, or unlimited API.
- [ ] The buyer understands that quota, billing, model availability, latency, and policy enforcement depend on the upstream platform.

## 2. Worker Deployment

- [ ] `wrangler` is installed and authenticated.
- [ ] The Worker has a unique route or workers.dev URL.
- [ ] Secrets are set through `wrangler secret put` or Cloudflare dashboard variables.
- [ ] `.dev.vars`, `.env`, and local key files are excluded from git.
- [ ] Dry-run or preview deployment succeeds before production deployment.

## 3. Gateway Behavior

- [ ] `/health` returns a simple status without exposing secrets.
- [ ] `/v1/models` or equivalent model-list endpoint works.
- [ ] Chat completion request returns a model response or a clear upstream error.
- [ ] Invalid client token returns `401`.
- [ ] Missing required body fields return `400`.
- [ ] Unsupported route returns `404`.

## 4. Client Safety

- [ ] Client requests use a separate client token, not the upstream provider key.
- [ ] Rate limits, usage logs, or manual review rules are planned before sharing the gateway.
- [ ] CORS is restricted to known tools when possible.
- [ ] Error responses do not print upstream keys or internal config.
- [ ] The buyer has a rollback plan: rotate keys, disable route, or delete Worker.

## 5. Sales And Delivery Boundary

- [ ] The listing says it is source code, tutorial, checklist, or self-deployment material.
- [ ] The listing does not say low-price account, shared account, account pool, unlimited API, bypass limit, guaranteed stable, or guaranteed income.
- [ ] The listing says the buyer uses their own account and key.
- [ ] Delivery includes a clear no-account/no-key/no-recharge statement.
- [ ] After-sales support covers file integrity and explanation, not guaranteed platform success.

## Paid Starter

If you want a ready Cloudflare Worker starter, deployment notes, curl tests, and delivery copy, use the paid pack:

https://ronnie2025.github.io/ai-agent-workbench-starter-pack/ai-api-gateway-deploy-pack.html