Toolken headers
These headers are read and stripped by the gateway before the request is forwarded to the provider.BYOK provider credential headers
These headers are forwarded verbatim to the upstream provider. The gateway does not validate or store them.
Both headers can be present on the same request when the provider accepts dual auth. All headers not in the Toolken namespace are forwarded unchanged.
Claude Code attribution headers
When you route Claude Code through Toolken, Claude Code automatically sends these headers. Toolken captures them as attribution data with no extra configuration required. They are forwarded to the provider unchanged and are not stripped.
These are the lowest-priority source for each key. If you also send
X-Toolken-Metadata-Session-Id (or any other metadata header that sets the same key), your value takes precedence. The IDs identify sessions and agents, not individual people.
customer_id precedence
When multiple sources setcustomer_id, the gateway applies this order (highest priority first):
metadata.customer_idin the JSON request bodycustomer_idkey inside theX-Toolken-Metadataheader JSON objectX-Toolken-Metadata-Customer-Idheader (or legacyX-Toolken-Meta-Customer-Id)
Reserved keys
Two metadata keys have dedicated typed storage and are always indexed at high cardinality:
Every other key you send (
agent, customer_id, feature, tier, or anything else) is stored as a metadata property and is equally filterable and groupable in the dashboard. There is no required list of keys — send any key that makes sense for your system and it appears in the group-by controls automatically.
Metadata limits
The metadata you attach throughX-Toolken-Metadata and X-Toolken-Metadata-* follows a few limits:
- Up to 16384 bytes total (the serialized JSON object).
- Up to 64 keys.
- Each key must match
^_?[a-z][a-z0-9_]{0,63}$— optional leading underscore, then start with a lowercase letter, followed by lowercase letters, digits, and underscores, up to 64 characters, plus an optional leading underscore. The reserved keysenvironmentandsession_idmust be set throughX-Toolken-Metadata-EnvironmentandX-Toolken-Metadata-Session-Idinstead ofX-Toolken-Metadata.
X-Toolken-Metadata value is not valid JSON, it is ignored silently and the request still goes through with no error. A well-formed JSON object that breaks one of the rules above — an invalid key, more than 64 keys, or over 16384 bytes — is rejected with 422 invalid_metadata. Validate the JSON on your side before sending, since malformed JSON is dropped without an error.