Package: Invicti AppSec Enterprise (on-premise, on-demand)
OpenRouter
OpenRouter is a unified API gateway that provides access to hundreds of large language models from various providers (OpenAI, Anthropic, Google, Meta, Mistral, and more) through a single API endpoint. The Invicti AppSec integration with OpenRouter enables AI-powered features — such as vulnerability remediation guidance and security analysis — with the flexibility to switch between models from different providers using one integration.
Purpose in Invicti AppSec
OpenRouter is used in Invicti AppSec as an LLM Provider — supplying the language model that powers AI-assisted security features, while offering access to a wide range of models through a single API key.
| Use Case | Description |
|---|---|
| AI remediation guidance | Generate fix recommendations for discovered vulnerabilities using any model available on OpenRouter |
| Security analysis | Use OpenRouter-hosted language models to assist in triage and prioritization of security findings |
| Model flexibility | Switch between models from different AI providers without managing multiple API keys |
Where it is used
| Page | Navigation Path | Purpose |
|---|---|---|
| Integrations — LLM Providers | Integrations › LLM Providers | Admin activation and model configuration |
Prerequisites
Before activating the integration, obtain an API key from your OpenRouter account:
| Field | Description | Required |
|---|---|---|
| Token | OpenRouter API key used to authenticate requests | Yes |
| Model | The model to use (selected after a successful test connection) | Yes |
Obtain the API key (on the OpenRouter side)
- Log in to your OpenRouter account at
openrouter.ai. - Navigate to Settings › API Keys (or click your profile icon › Keys).
- Click Create Key and give it a descriptive name (e.g.,
invicti-AppSec). - Copy the key immediately — it won't be shown again after closing the dialog.
OpenRouter charges per token based on the model used. Ensure your account has sufficient credits before activating the integration.
Activation steps
Step 1: Navigate to Integrations
From the left sidebar, click Integrations.
Step 2: Open the LLM Providers tab
On the Integrations page, click the LLM Providers tab.
Step 3: Find and activate OpenRouter
Locate the OpenRouter card.
- If it isn't yet activated, click Activate to open the settings drawer.
- If it's already activated, click the gear icon to open the settings drawer and reconfigure.
Step 4: Fill in the required fields
In the settings drawer, enter your OpenRouter API key:
| Field | Description | Required |
|---|---|---|
| Token | Your OpenRouter API key | Yes |
Step 5: Test the connection
Click Test Connection. A green "Connection successful" message confirms that Invicti AppSec can reach the OpenRouter API with the provided key. The Model dropdown appears automatically after a successful test.
Step 6: Select a model
From the Model dropdown, select the model you want to use for AI features in Invicti AppSec. OpenRouter provides access to models from multiple providers (e.g., openai/gpt-4o, anthropic/claude-3-5-sonnet, google/gemini-2.0-flash).
Step 7: Save
Click Save to complete the activation.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the LLM Providers tab |
| 3 | Find OpenRouter and click Activate (or the gear icon) |
| 4 | Enter your OpenRouter API key in the Token field |
| 5 | Click Test Connection — verify the success message |
| 6 | Select a Model from the dropdown |
| 7 | Click Save |
Troubleshooting
| Issue | Resolution |
|---|---|
| Connection failed | Verify the API key is correct and hasn't been revoked. Regenerate it from the OpenRouter settings if needed. |
| Invalid API key | Ensure the key was copied in full without extra spaces or characters. |
| No models available | Confirm your OpenRouter account is active and has sufficient credits. Some models may require specific subscription tiers. |
| 401 Unauthorized | The API key may have expired or been disabled. Generate a new key and update the configuration. |
| Insufficient credits | OpenRouter is a pay-per-use service. Add credits to your OpenRouter account to continue using the integration. |
| Model not available | Some models on OpenRouter have limited availability or require separate access requests. Choose an alternative model from the dropdown. |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center