Roleplay reverse proxy setup: the stable version of the pattern.

Updated 2026-07-16

In roleplay communities, a "reverse proxy" means an endpoint URL you paste into JanitorAI, SillyTavern, or Risu that fronts a big-lab model. The shared free ones fail in predictable ways: dead keys, silent logging, injected prompts, and bans. The same configuration surface pointed at a metered gateway with your own key is the stable version of the exact same pattern, and this page sets it up frontend by frontend.

Quick answer: what "reverse proxy" means in this scene.

Strip the jargon and a roleplay reverse proxy is three things: a URL your frontend sends chat requests to, a key that authorizes them, and a model behind it. Character frontends added "proxy" fields so users could route around the built-in model options, and the community filled the gap with shared endpoints, some run by volunteers with donated keys, some monetized, some built on credentials of dubious origin. The pattern itself is sound; the shared implementations are what fail. A metered gateway is the same pattern with the failure modes removed: the URL is stable, the key is yours, the models are served under commercial agreements, and the bill is a usage log you can read. For this gateway the values are https://api.apisrouter.com/v1 as the base URL (or the full /chat/completions path where a frontend wants it), your sk-... key, and any catalog model id.

Base URL:   https://api.apisrouter.com/v1
Full path:  https://api.apisrouter.com/v1/chat/completions   (JanitorAI-style fields)
API key:    sk-...            (yours, from APIsRouter)
Model:      deepseek-v4-flash (or any catalog id)

Why shared free proxies fail, mechanically.

No moralizing needed; the failure modes are structural. A shared proxy runs on someone's keys, and keys sourced from donations, scraping, or theft die when the upstream vendor notices unusual traffic, which is why proxy lists rot within weeks and long stories end mid-scene. The operator sits inside every request, so your chats, personas, and sometimes your IP are visible to whoever runs the box, and several documented cases added prompt injection: the proxy quietly editing system prompts to advertise or to steer output. Rate limits arrive without warning because you share capacity with everyone else who found the same URL. And where credentials were stolen, the whole arrangement rides on someone else's compromised account. None of this is fixable from the user side, because every problem is a property of not controlling the key. The community's own advice has converged on the same conclusion: proxies you do not run are a lottery. What made shared proxies attractive was never the architecture, it was the price. That is a fair thing to want, and the honest substitute is a value-priced metered endpoint: at catalog rates here, an evening on deepseek-v4-flash bills a few cents, which is the sustainable version of free.

The config matrix: five frontends, same three values.

Every major frontend takes the same endpoint; they differ only in whether they want the base URL or the full completions path, and where the model id goes. This is the whole matrix, with each frontend's full walkthrough linked below.

The one recurring failure: pasting a full path where a base URL belongs, or the reverse. URL shape is per-frontend; everything else is identical.
FrontendURL to pasteWhere the model goes
SillyTavernhttps://api.apisrouter.com/v1 (Custom OpenAI-compatible source; ST appends the path)Dropdown fills from /v1/models after Connect
JanitorAIhttps://api.apisrouter.com/v1/chat/completions (proxy fields want the full path)Model name field, typed exactly
RisuAIhttps://api.apisrouter.com/v1 (custom OpenAI-compatible provider)Custom-model field, typed exactly
Agnaihttps://api.apisrouter.com/v1 (Third Party service, Format: OpenAI)Model field in the preset
KoboldAI Litehttps://api.apisrouter.com/v1 (mind the Add Ver. Num checkbox)Picked after connecting

Terms and safety, stated plainly.

The summary that keeps everything above consistent: the proxy pattern is legitimate infrastructure, and the trust question is entirely about who controls the key and the box. When both are you, or a metered service accountable to you, the pattern is as safe as any API usage.

  • Custom endpoint fields are supported features of these frontends, not hacks; configuring your own key through them is the intended use.
  • Model content policies are unchanged by routing: each family's written rules apply wherever it is served from. The policies-compared page below maps which families fit which content ratings, factually.
  • Platform terms still apply on top: JanitorAI, hosted SillyTavern instances, and similar services set their own rules for what runs through them, and age-appropriate use is non-negotiable everywhere.
  • Shared proxies built on stolen credentials are a different category: using them can mean participating in someone else's account compromise, and downstream bans are common. That is the one version of this pattern with no legitimate configuration.
  • Whatever endpoint you use, never paste your key into "checker" sites or Discord bots that offer to validate it; key theft in this scene mostly happens by donation.

Pay-as-you-go · transparent per-model pricing

Selected models are priced below official list prices. Exact input, output, cache, and per-request prices are shown for each model.

ModelOfficial PriceOur Price
DeepSeek V4 Flash$0.14 / $0.28 per M$0.13 / $0.25 per M
DeepSeek V4 Pro$0.43 / $0.87 per M$0.39 / $0.78 per M
GLM-5.2$1.14 / $4.00 per M$1.03 / $3.60 per M
Grok 4.5$2.00 / $6.00 per M$1.60 / $4.80 per M
Claude Sonnet 4.6$3.00 / $15.00 per M$2.40 / $12.00 per M

Model strategy once the endpoint is yours.

A stable endpoint changes model choice from "whatever the proxy serves today" to an actual decision, and the decision has a known shape. deepseek-v4-flash is the scene's default daily driver on price and dialogue quality; deepseek-v4-pro upgrades description for campaigns worth pinning. glm-5.2 holds character detail over very long horizons at the cost of reasoning latency, kimi-k2.6 rotates in for a different narrative voice, grok-4.5 is the option with a written vendor allowance for mature fiction for adults, and claude-sonnet-4-6 remains the safe-for-work prose ceiling. All of them are one model-field change apart on the same key. Cost shape is the other thing you now control. Frontends resend visible history every message, so input tokens dominate: a deliberate context window (16K to 32K) plus lorebook summaries beats a maximal one, and the context-length guide below quantifies exactly what each setting costs per evening.

Migrating off a shared proxy in five minutes.

The migration is smaller than it feels, because your frontend already has the fields. Get a key (the starting credit here issues one without a card), replace the proxy URL with the gateway URL in the same field it occupied, replace the shared key with yours, and set a model id from the catalog. Chat history, characters, and lorebooks live in the frontend, so nothing about the story changes; the only diff is who answers the requests. Then do the one thing a shared proxy never let you do: open the usage log and look at what a session actually costs. Real numbers close the loop that proxy roulette kept open, and they are almost always smaller than expected: the median chat turn on a value model bills a fraction of a cent, which is the number that made shared proxies unnecessary all along.

FAQ

What is a reverse proxy in JanitorAI and SillyTavern terms?

An endpoint URL pasted into the frontend's proxy or custom-API fields that fronts a language model: a URL, a key, and a model behind it. Community "proxies" are shared versions of that; a metered gateway with your own key is the same configuration with stable capacity and no operator between you and the model.

Are free shared roleplay proxies safe?

Structurally, no. The operator sees your chats and key traffic, keys die without notice, documented cases include injected prompts, and stolen-credential proxies add account-compromise problems. Every one of those risks follows from not controlling the key, which is the thing a personal metered key fixes.

Is using a custom endpoint against frontend terms?

Custom endpoint fields are documented, supported features in SillyTavern, JanitorAI, RisuAI, Agnai, and KoboldAI Lite. What terms do govern is content: model policies and platform rules apply regardless of routing, and the policies-compared page covers those factually.

What URL do I paste where?

Base URL https://api.apisrouter.com/v1 for SillyTavern, RisuAI, Agnai, and KoboldAI Lite, which append the path themselves; the full https://api.apisrouter.com/v1/chat/completions for JanitorAI-style proxy fields. Pasting the wrong shape is the single most common setup failure across all five.

How much does running your own key cost compared to a free proxy?

At catalog rates, an evening of heavy play on deepseek-v4-flash bills a few cents, and the starting credit covers the first sessions without a card. The usage log shows per-request costs, which is the visibility no shared proxy offers.

Will my chats be logged if I use a gateway?

The difference is accountability. A shared proxy is an anonymous operator inside your traffic with no terms at all. A metered service processes requests to serve and bill them under stated terms, and your requests are not payment-in-data for the tokens. For anything sensitive, that distinction is the whole game.