Quick answer
Use official provider keys as the safety baseline. Treat an API relay as a test candidate only when it documents Cursor API base URL behavior, model IDs, pricing, privacy policy and streaming behavior clearly.
- Cursor custom API keys are configured from Cursor Settings > Models.
- Cursor's visible providers and key options can change by app version. A search result that lists OpenAI, Anthropic, Google, Azure or AWS Bedrock does not prove that every key, cloud credential or endpoint is accepted.
- Searches that mention `api.cursor.com` or `crsr_` should be treated as Cursor-owned account or API signals unless the provider docs say otherwise.
- A provider's custom base URL docs should explain whether Cursor should use a root URL, `/v1`, or another OpenAI-compatible path.
- Do not paste a full `/v1/chat/completions` or `/v1/responses` endpoint into a Base URL field.
- Custom API keys apply to standard chat models; specialized Cursor models may still use Cursor's own models.
- Relays need extra checks for model substitution, logging, token billing and refund rules.