Architecture
The serving path in detail — what runs where, how Azure serves the models, and what touches your data on the way through.
Draftworks is a thin, verifiable layer between the OpenAI API contract and Microsoft Azure's model fleets. This page walks the full path of a request.
The serving path
┌────────────────────────────────────────────────┐
│ your SDK │
└────────────────────────────────────────────────┘
│
│ POST /v1/chat/completions
│ OpenAI request shape, unchanged
▼
┌────────────────────────────────────────────────┐
│ api.draftworks.dev │
│ authenticate the key · place a credit hold │
└────────────────────────────────────────────────┘
│
│ HTTPS, api-key auth
▼
┌────────────────────────────────────────────────┐
│ Azure model fleet │
│ Sweden Central or East US, routed by model │
└────────────────────────────────────────────────┘
│
│ response + usage block
▼
┌────────────────────────────────────────────────┐
│ api.draftworks.dev │
│ meter usage · settle credits · sign receipt │
└────────────────────────────────────────────────┘
│
▼
┌────────────────────────────────────────────────┐
│ your SDK │
│ the response, with its Ed25519 receipt │
└────────────────────────────────────────────────┘- Gateway.
api.draftworks.devterminates TLS and authenticates your key (stored only as a SHA-256 hash). Admission places a hold against your credit balance sized to the request's worst case, which bounds concurrent overdraft. - Azure inference. The request is forwarded to a model deployment we operate on Microsoft Azure. Nothing about the request shape changes on the way through; unknown parameters are forwarded untouched.
- Response. On the way back, the gateway meters token usage from the upstream's own
usageblock, deducts the billed cost, signs the receipt over the model id, token counts, and content hashes, and returns the response with the receipt attached. - Ledger. Usage events, receipts, and the credit ledger live in Convex. Content does not: see data handling.
How Azure is used
Draftworks does not operate GPUs and does not proxy through another reseller. Each catalog model is a deployment we provision and control on Microsoft Azure, served through Azure's OpenAI-compatible inference API:
- The GPT-5.6 family, GPT-5.4 Pro, Grok 4.3, and the image and realtime models run on a primary fleet in the EU (Sweden Central), with GPT-5.6 Terra and the Kimi K2.7 deployments on a second fleet in the US (East US). Requests route by model.
- Deployments use Azure's Global Standard capacity class: Azure may serve any given call from whichever region has capacity, and the response reports the serving region in the
x-draftworks-upstream-regionheader. - The models are the vendors' own weights as distributed through Azure's model catalog. Each response reports its pinned version string, for example
gpt-5.6-sol-2026-07-09, and the receipt signs it. - Under the Azure data-processing terms for these services, request and response content is processed to run the model and is not retained by Microsoft or the model vendors, and is not used for training.
This is also where the price advantage comes from: committed Azure capacity costs less than retail API pricing, and the difference funds the 20 to 25% discount.
Realtime sessions
WebSocket sessions for gpt-realtime-2.1 terminate on a dedicated relay at realtime.draftworks.dev (Azure Container Apps, same Sweden Central region as the model). The relay authenticates your key, proxies frames to the Azure realtime endpoint unmodified, and bills each response from the session's own usage events. See realtime.
What runs where
| Component | Infrastructure | Holds |
|---|---|---|
| Gateway and site | Vercel | Nothing at rest; requests in transit |
| Model inference | Microsoft Azure | Content transiently, to run the model |
| Realtime relay | Azure Container Apps | Session frames in transit |
| Ledger and receipts | Convex | Hashes, token counts, credit ledger |
| Payments | Stripe | Card details; never touches inference |
Failure isolation follows the same lines: the status page probes the gateway, the Azure fleet, and the ledger independently, with public uptime history for each.
How receipts prevent bait-and-switch
The structural problem with discounted inference, and how signed receipts make silent model substitution a provable fraud rather than a suspicion.
Security
Key custody, transport security, infrastructure boundaries, and how to reach us — security reports, abuse, and DPA requests.