TJ API Gateway — Unified, Secure, Observable AI API Operations
TJ API Gateway is TJ NOVA LTD's bilingual control plane for developers and operations teams. It brings identity, API keys, model routing, usage analytics, alerts, and administration into one dependable interface. Users can register with email and password, verify ownership with an email code, or sign in through GitHub and Google OAuth.
TJ API Gateway 是 TJ NOVA LTD 面向开发者与运营团队打造的中英双语 AI API 控制平台。它将身份、密钥、模型路由、用量分析、告警与后台管理集中在一个清晰可靠的界面中。用户可以使用邮箱密码注册、邮箱验证码、GitHub 或 Google 登录。
Core capabilities / 核心能力
- Four-leg authentication: GitHub, Google, verified email codes, and native platform registration.
- 四脚身份体系:GitHub、Google、邮箱验证码与平台注册。
- Centralized API keys, user groups, upstream accounts, proxies, quotas, and concurrency policies.
- Usage trends, model statistics, real-time metrics, operational alerts, and error tracing.
- Bilingual Chinese and English interfaces with clear authorization boundaries.
How it works / 工作方式
| Stage | User experience | System assurance |
| Register | Choose native registration or trusted OAuth | Email ownership checks, signed state, and abuse controls |
| Connect | Create keys and choose permitted services | Key isolation, group policies, quotas, and concurrency limits |
| Operate | Review requests, usage, and status | Live metrics, error tracing, alerts, and audit evidence |
| Administer | Complete operations in one backend | Administrator authorization and least-privilege access |
Frequently asked questions / 常见问题
What is four-leg authentication?
Four-leg authentication means four complete and verifiable identity paths: GitHub OAuth, Google OAuth, email verification codes, and native platform registration. Each path connects to server-side validation, a unified user record, and protected sessions.
What can administrators manage?
Authorized administrators can manage users, groups, upstream accounts, proxies, API keys, model usage, live traffic, alerts, errors, announcements, system settings, backups, and operational health.
How are credentials protected?
Private credentials remain in protected server configuration and are not included in public source, pages, or reports. OAuth state is signed and time-limited, verification codes expire quickly, and administrative APIs require authenticated administrator authorization.