Last updated 2026-05-13. Pricing, model names, and provider policies change frequently.
Quick answer
Before using a third-party LLM endpoint, verify who operates it, what models it serves, how pricing works, what data is retained, which terms apply, how support works, and whether the provider discloses upstream sources. Do not send sensitive data until these answers are clear.
Use this guide when
You are evaluating a lesser-known endpoint
Use this guide when a provider looks attractive on cost or compatibility but you do not yet trust how clearly it explains sourcing, data handling, or support.
You might send sensitive user traffic
This article is especially important before you pass internal documents, customer conversations, or regulated information through a third-party route.
You are comparing routers, marketplaces, and direct providers
It helps separate convenience from risk when another company sits between your product and the underlying model vendor.
Start with identity and terms
A credible provider should make company identity, terms of service, privacy policy, support channel, and pricing easy to find. Missing basics do not prove danger, but they increase review burden.
Understand the data path
Third-party endpoints may serve their own infrastructure, route to upstream providers, or combine multiple routes. Your review should identify where prompts go and whether data is logged, retained, or used for training.
Test operations, not only price
Low pricing is not enough. Check status history, rate limits, error behavior, billing clarity, refund policy, and whether support responds to production-impacting issues.
Example decision paths
Cheap compatible endpoint for an early-stage app
A low-cost compatible API can be fine for tests or non-sensitive workflows, but it should not automatically inherit the same trust level as a large official provider.
Aggregator used for fallback
A router or aggregator may improve flexibility, but the team still needs to understand whether requests are logged, transformed, or forwarded to upstream vendors.
Research or support workflow with private data
A provider that looks acceptable for public-content experiments may still be the wrong choice for document-heavy internal workflows if data retention and support terms are unclear.
Provider examples to compare
| Provider | Category | Supported models | OpenAI-compatible | Starting price | Context | Tool calling | Vision | Streaming | Status | Trust | Links |
|---|---|---|---|---|---|---|---|---|---|---|---|
| OpenRouter | LLM API Aggregators | GPT, Claude, Gemini, DeepSeek-V4 | Yes | Varies by model route | Model dependent across upstream routes | No | Yes | Yes | Available | 11/15 | |
| DeepInfra | Inference Providers | Llama, Qwen, DeepSeek-V4, Mistral | Yes | Often low for open models | Broad open-model range, model specific | No | Yes | Yes | Available | 10/15 | |
| Novita AI | OpenAI-Compatible APIs | Llama, Qwen, DeepSeek-V4, image models | Yes | Varies by model | Model dependent | No | Yes | Yes | Unclear | 10/15 | |
| AI/ML API | OpenAI-Compatible APIs | GPT-style models, Claude-style access, Gemini-style access, open models | Yes | Varies by model | Model dependent | No | Yes | Yes | Unclear | 9/15 | |
| Perplexity API | OpenAI-Compatible APIs | Sonar, online models | Yes | Varies by model | Model dependent | No | No | Yes | Available | 10/15 | |
| Together AI | Inference Providers | Llama, Qwen, DeepSeek-V4, Mistral | Yes | Often competitive for open models | Broad open-model range | No | Yes | Yes | Available | 11/15 |
Compare next
Checklist
- Company name and contact path are visible.
- Terms, privacy policy, pricing, billing, and refund terms are available.
- Data retention and upstream model sourcing are stated clearly.
- Status page, rate limits, and support channel are documented.
Recommended next step
Use provider detail pages to compare transparency checklist results before testing sensitive workflows.
FAQ
Are third-party endpoints always risky?
No, but they require extra diligence because another party may sit between your app and the underlying model.
What if a provider does not disclose upstream sources?
Treat it as a risk signal and avoid sensitive or regulated traffic until the provider clarifies.
Is this checklist a security audit?
No. It is a public-information screen that helps decide what needs deeper review.