Use on-prem model

Support Help
,
1

We have a custom model hosted on-prem. We expose it via OpenAI compatible API.
But when we use the hostname we get a DNS error and private IPs are forbidden when we try to override base URL in OpenAI configuration.

The model is an agentic model that was slightly fined tuned with private data, and we don’t want to expose it outside.

How can we use our model in Cursor?

3

Hey, thanks for the question.

The issue is that BYOK API keys work through Cursor’s backend. All requests go through our servers for the final prompt construction. This means private IPs and internal hostnames aren’t accessible, because our backend can’t reach your internal network.

Can you send:

  • The exact DNS error text
  • The hostname you’re using (is it your company’s internal domain?)
  • The error message when trying to use a private IP
  • Your Cursor version (Menu → About Cursor → Copy)

Possible workarounds:

  • Expose the model via a public endpoint with authentication
  • Set up a reverse proxy with public DNS
  • Use a VPN with a public address

I’ll pass this info to the team.

6

Hi @deanrie, thanks for the reply.

  1. After Cursor update, I get just a general error message We’re having trouble connecting to the model provider. This might be temporary - please try again in a moment.
  2. The hostname is internal - prefer not to publish.
  3. If I replace the hostname with IP I get {“error”:{“type”:“client”,“reason”:“ssrf_blocked”,“message”:“connection to private IP is blocked”,“retryable”:false}}
  4. Version: 2.4.21 (system setup)
    VSCode Version: 1.105.1
    Commit: dc8361355d709f306d5159635a677a571b277bc0
    Date: 2026-01-22T16:57:59.675Z
    Build Type: Stable
    Release Track: Default
    Electron: 39.2.7
    Chromium: 142.0.7444.235
    Node.js: 22.21.1
    V8: 14.2.231.21-electron.0
    OS: Windows_NT x64 10.0.26100

For the workarounds:
How can we authenticate the user that uses Cursor in our service?
If you have documentation that explains Cursor’s authentication mechanism, please share

7

Thanks for the details and the version.

On authentication for a public endpoint: Cursor sends the API key in the headers in the standard way (Authorization: Bearer). Your reverse proxy can validate that key or add extra authentication on your side.

But since you’re Enterprise, the best path is to reach out to [email protected]. The technical solutions engineers there can discuss integration options for your use case, including possible enterprise-specific options.