One real key. Virtual keys for everyone else.
Provision individual virtual keys for every developer, team, and service in your org — each with their own spend limits and model restrictions, all enforced at the proxy before a request ever touches your real API keys.
Spend limits that actually stick
Virtual keys aren't just tracked — limits are enforced at the proxy level before the request reaches the model provider. A developer who hits their monthly limit gets a clean error, not an overage on your bill.
Real keys stay hidden
Your provider API keys are stored encrypted and never exposed to developers. Virtual keys are the only surface they interact with.
Cross-functional
Manage keys for engineering, product, sales, and ops from a single dashboard — one source of truth for the whole org.
Full governance without slowing anyone down
Issue keys in seconds. Revoke them instantly. Set budgets that enforce themselves. Your team keeps shipping; you keep control.
Virtual key issuance
Provision keys for any team member or service from the dashboard in seconds. Each key is scoped, tracked, and independently revocable.
Spend controls
Set monthly or per-request spend limits per key. Limits are enforced at the proxy — no surprise overages.
Model restrictions
Allow or deny specific models on a per-key or per-team basis. Prevent junior devs from accidentally calling the most expensive models.
Instant rotation
Rotate or revoke any virtual key without touching your real provider credentials. No deployment required.
Usage attribution
Every request is attributed to the virtual key that made it, giving you per-developer and per-team spend breakdowns automatically.
OpenAI-compatible
Virtual keys work as drop-in replacements in any OpenAI-compatible tool. Developers change one environment variable and they're on the gateway.