Network Settings
Reviewed 2026-06-03 · Version 3.9.0
Custom domains, IP allowlists, private networking, firewall rules, and network limits.
Configure network access, security, and connectivity for your Chiro AI instance. Achiral provides enterprise-grade networking with flexible security controls.
Default Network Configuration
Each Chiro instance includes:
- Secure API Endpoint: HTTPS-enabled API endpoint with SSL/TLS encryption
- Tenant Isolation: Logical isolation for your organization's data and models
- DDoS Protection: Automatic protection against distributed denial-of-service attacks
- Load Balancing: Built-in load balancing for high availability
API Endpoint
Endpoint Format
Your Chiro instance is accessible via:
https://api.achiral.ai/v1/chat/completions
Authentication is handled via API keys in the Authorization header.
Custom Domains
Configure custom domains for your Chiro instance (available on Scale+ plans):
Via Dashboard
- Navigate to Configuration → Network → Custom Domain
- Click Add Custom Domain
- Enter your domain name (e.g., api.example.com)
- Add the provided DNS records to your domain:
  - Type: CNAME
  - Name: api (or your subdomain)
  - Value: api.achiral.ai
- Click Verify DNS
- Wait for SSL certificate provisioning (usually < 5 minutes)
Via API
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/domain \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "api.example.com"
  }'
SSL/TLS Configuration
All endpoints use TLS 1.3 by default with:
- Certificate Authority: Let's Encrypt (automatic renewal)
- Cipher Suites: Modern, secure cipher suites only
- HSTS: HTTP Strict Transport Security enabled
- Perfect Forward Secrecy: Enabled
Custom SSL Certificates
Upload your own SSL certificates:
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/ssl \
  -F "certificate=@cert.pem" \
  -F "private_key=@key.pem" \
  -F "ca_bundle=@ca.pem" \
  -H "Authorization: Bearer YOUR_API_KEY"
IP Allowlisting
Restrict access to your Chiro instance by IP address.
Configure via Dashboard
- Navigate to Configuration → Network → IP Allowlist
- Click Add IP Range
- Enter IP address or CIDR block (e.g., 203.0.113.0/24)
- Add a description (optional)
- Click Save
Configure via API
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/allowlist \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ip_ranges": [
      {
        "cidr": "203.0.113.0/24",
        "description": "Office network"
      },
      {
        "cidr": "198.51.100.50/32",
        "description": "CI/CD server"
      }
    ]
  }'
Allowlist Management
- Default: All IPs are allowed when the list is empty
- Behavior: Once the list has entries, only listed IPs can access your Chiro instance
- Format: IPv4 CIDR notation (e.g., 192.0.2.0/24 or 192.0.2.1/32)
- Maximum entries: 100 IP ranges per organization
VPC Integration
Connect your Chiro instance to your Virtual Private Cloud when your deployment includes private networking.
AWS VPC Peering
Prerequisites
- AWS account with VPC
- VPC CIDR range that doesn't conflict with Achiral network (10.0.0.0/8)
- Appropriate AWS IAM permissions
Setup Steps
- Navigate to Configuration → Network → VPC Peering
- Select AWS as cloud provider
- Enter your VPC details:
- AWS Account ID
- VPC ID
- VPC Region
- VPC CIDR
- Click Request Peering
- Accept the peering connection in your AWS console
- Update route tables in your VPC to route traffic to Achiral
Via API
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/vpc-peering \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "aws",
    "vpc_id": "vpc-0123456789abcdef0",
    "region": "us-east-1",
    "cidr": "172.31.0.0/16",
    "account_id": "123456789012"
  }'
Google Cloud VPC Peering
Similar setup available for Google Cloud Platform VPCs. Contact support for configuration assistance.
Azure VNet Peering
Azure Virtual Network peering is deployment-specific. Contact support for configuration.
Private Endpoints
Create private endpoints accessible only within your VPC when private networking is enabled for the deployment.
Setup Private Endpoint
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/private-endpoint \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "vpc_id": "vpc-0123456789abcdef0",
    "subnet_ids": ["subnet-abc123", "subnet-def456"],
    "security_group_ids": ["sg-xyz789"]
  }'
Private endpoint URL format:
https://{org-id}.private.achiral.ai
Firewall Rules
Configure outbound network access from your Chiro instance when private networking is enabled for the deployment.
Default Outbound Rules
By default, Chiro instances can access:
- External APIs (for integrations)
- Data sources (for RAG)
- Webhook endpoints
Custom Firewall Rules
Restrict outbound access:
curl -X POST https://api.achiral.ai/v1/organizations/{org_id}/firewall \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "outbound_rules": [
      {
        "destination": "api.example.com",
        "port": 443,
        "protocol": "tcp",
        "action": "allow"
      },
      {
        "destination": "0.0.0.0/0",
        "port": "*",
        "protocol": "*",
        "action": "deny"
      }
    ]
  }'
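A review check for an `outbound_rules` payload shaped like the one above, added here as an example and not part of Achiral's tooling. It confirms the list ends in a catch-all deny and that no allow rule is wider than it needs to be; the function names are hypothetical, and the ordering check assumes rules are evaluated top to bottom, which the page does not state.

```python
import ipaddress

# The payload from the page's example: one allow rule, then deny everything.
PAGE_RULES = [
    {"destination": "api.example.com", "port": 443, "protocol": "tcp", "action": "allow"},
    {"destination": "0.0.0.0/0", "port": "*", "protocol": "*", "action": "deny"},
]

def covers_everything(destination):
    """True when the destination is a /0 network; hostnames return False."""
    try:
        return ipaddress.ip_network(destination, strict=False).prefixlen == 0
    except ValueError:
        return False

def lint_outbound(rules):
    """Return review findings for an outbound_rules list."""
    findings = []
    deny_all = [i for i, r in enumerate(rules)
                if r.get("action") == "deny" and r.get("port") == "*"
                and r.get("protocol") == "*"
                and covers_everything(str(r.get("destination", "")))]
    if not deny_all:
        findings.append("no catch-all deny rule in the payload")
    elif deny_all[0] != len(rules) - 1:
        # Assumption: rules are evaluated in order, so later rules are shadowed.
        findings.append(f"rule {deny_all[0]}: catch-all deny is not the last rule")
    for i, r in enumerate(rules):
        if r.get("action") != "allow":
            continue
        if r.get("port") == "*" or r.get("protocol") == "*":
            findings.append(f"rule {i}: allow uses a wildcard port or protocol")
        if covers_everything(str(r.get("destination", ""))):
            findings.append(f"rule {i}: allow covers every destination")
    return findings

if __name__ == "__main__":
    for finding in lint_outbound(PAGE_RULES) or ["no findings"]:
        print(finding)
```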
Network Performance
Bandwidth Limits
| Plan | Inbound Bandwidth | Outbound Bandwidth | Burst Capability |
|---|---|---|---|
| Spark | 1 Gbps | 1 Gbps | 2 Gbps (5 min) |
| Seed | 10 Gbps | 10 Gbps | 20 Gbps (5 min) |
| Boost and above | Deployment-specific | Deployment-specific | Deployment-specific |
Latency Optimization
- Regional Deployment: Choose regions closest to your users
- Edge Caching: Enable response caching for repeated queries
- Keep-Alive Connections: Reuse HTTP connections for better performance
- HTTP/2: Enabled by default for multiplexing
Connection Pooling
Configure connection pool settings:
curl -X PATCH https://api.achiral.ai/v1/organizations/{org_id}/config \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "network": {
      "max_connections": 1000,
      "connection_timeout": 30,
      "keepalive_timeout": 75
    }
  }'
Network Monitoring
Metrics Available
- Request Rate: Requests per second
- Bandwidth Usage: Inbound/outbound traffic
- Connection Count: Active connections
- Error Rate: Network-related errors
- Latency: P50, P95, P99 response times
Network Alerts
Set up alerts for:
- Bandwidth exceeding 80% of limit
- Connection count approaching maximum
- High error rates (> 1%)
- Unusual traffic patterns (DDoS detection)
DNS Configuration
DNS Records
Achiral manages DNS for your default endpoint. For custom domains:
- Add CNAME record pointing to api.achiral.ai
- Wait for DNS propagation (up to 48 hours)
- Verify in the dashboard
DNS Caching
- TTL: 300 seconds (5 minutes) for default endpoints
- Custom TTL: Configurable for custom domains
- Propagation: Global propagation via Cloudflare network
WebSocket Support
WebSocket connections are supported for real-time chat:
const ws = new WebSocket('wss://api.achiral.ai/v1/chat/stream')
ws.onopen = () => {
  ws.send(
    JSON.stringify({
      model: 'chiro',
      messages: [{role: 'user', content: 'Hello, world!'}],
      stream: true,
    })
  )
}
ws.onmessage = event => {
  console.log('Received:', event.data)
}
WebSocket Configuration
curl -X PATCH https://api.achiral.ai/v1/organizations/{org_id}/config \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "websocket": {
      "enabled": true,
      "max_connections": 100,
      "idle_timeout": 300
    }
  }'
Network Troubleshooting
Common Issues
Connection Timeouts
- Check firewall rules and IP allowlist
- Verify DNS resolution
- Test with curl -v https://{your-endpoint}
SSL Certificate Errors
- Ensure custom domain DNS is configured correctly
- Wait for certificate provisioning to complete
- Check certificate expiration dates
High Latency
- Choose a region closer to your users
- Enable connection keep-alive
- Use private endpoints for VPC-internal traffic
Network Diagnostics
# Test endpoint connectivity
curl -I https://api.achiral.ai/health
# Check DNS resolution
dig api.achiral.ai
# Test WebSocket connection
wscat -c wss://api.achiral.ai/v1/chat/stream
Next Steps
- Storage Options - Configure persistent storage
- Security & Compliance - Advanced security features
- API Reference - Network API endpoints