# API Gateway Safety Boundary

This project is a safety checklist for self-hosted AI API gateways. It is not a way to sell account access.

## Allowed Positioning

- Self-deployed Cloudflare Worker starter.
- API gateway deployment tutorial.
- OpenAI-compatible routing example.
- API key safety checklist.
- Buyer-owned account and buyer-owned key.
- Source code and documentation delivery.

## Avoid

- Account pool.
- Shared API key.
- Low-price balance.
- Recharge service.
- Unlimited API.
- Guaranteed stability.
- Guaranteed cost.
- Guaranteed model availability.
- Bypassing platform limits.
- Selling access to an account you do not own or cannot legally resell.

## Correct Buyer Expectation

The buyer receives files, instructions, and tests. The buyer must still provide their own account, own keys, own quota, own domain or worker URL, and comply with the relevant platform terms.

## Why This Matters

An API gateway can be a normal developer tool when it is self-hosted and uses the buyer's own credentials. It becomes risky when it is sold as hidden third-party access, a shared key, or an account pool. Keep the product as source code and education.