> ## Documentation Index
> Fetch the complete documentation index at: https://docs.portkey.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Backend
Discuss how Portkey's AI Gateway can enhance your organization's AI infrastructure
## v1.18.0
***
### Saved-Only Mode — Block Inline Configs
* New **`block_inline_config`** data-plane security setting (org-level, with a `data_plane_security_settings` workspace override). When enabled, the Gateway accepts only admin-curated saved resources and rejects requests that select a provider, endpoint, or config inline
* Enabled by default for organisations created on or after **June 19, 2026**; self-hosted Gateways can force it everywhere with `BLOCK_INLINE_CONFIG=true`
* [Saved-Only Resources Documentation](/product/administration/enforce-saved-only-config)
Requires Gateway **2.11.0** or higher to take effect; on earlier versions inline configuration is not blocked.
### New Provider — MiniMax
* **MiniMax** added to the Model Catalog (`minimax`), with model and pricing configs
* [LLM Integrations](/integrations/llms)
### SCIM — Multi-Workspace Group Provisioning
* A single SCIM group can now map to **multiple workspaces** (1:N), provisioning members into every mapped workspace with one consistent role. Creating a mapping whose role differs from the group's existing mappings is rejected
* `GET /v1/scim/workspaces` now returns paginated results with `page`, `page_size`, and `total_count`
* `GET /v1/scim/groups` (Control Plane) now supports `search` and pagination so large groups directories stay navigable; the previous `include_mapped_groups` filter has been removed since a group can now be mapped to many workspaces
* [SCIM Group Management Documentation](/product/enterprise-offering/org-management/scim/group-management)
### Unified `/models` Endpoint
* New config flag **`fetch_integrated_models`** and the **`x-portkey-models-endpoint`** request header let callers fetch the integrated catalog model list through the Gateway
* [Model Catalog Documentation](/product/model-catalog/integrations)
### JWT Scopes
* New **`agents.invoke`** data-plane scope can be granted in JWT token scopes
* [JWT Documentation](/product/enterprise-offering/org-management/jwt)
### Org & Workspace Settings
* Enabling a non-security workspace override now syncs the current org-level settings down to workspaces, keeping workspace defaults consistent with the organisation
* [Administration Documentation](/product/administration/enforce-default-config)
### Usage Limit Policies
* `GET` usage-limits policy list responses now include **`periodic_reset`**
* Next usage-reset timestamps are auto-updated as reset windows roll over
* [Budget & Usage Policies Documentation](/product/enterprise-offering/budget-policies)
### Security
* Hardened SSRF checks. For air-gapped deployments, set `TRUSTED_CUSTOM_HOSTS` as an environment variable to allow internal hosts.
* Updated dependencies to patch security vulnerabilities
* [Trusted Custom Hosts Documentation](/product/ai-gateway/custom-hosts#trusted-custom-hosts-allowlist)
### Fixes and Improvements
* **AWS**: Fixed EKS pod-identity authentication.
* **Config**: Fixed config creation with Organisation admin API Key
* **API**: `GET` workspace endpoint accepts `name_format=plain` to return the workspace name with leading emoji stripped (default `display` keeps the icon prefix).
## v1.17.0
***
### Guardrails Updates
* **New: Cato Networks Guardrail** — Partner guardrail (`cato.analyze`) sends prompts/responses to Cato for inspection; supports monitor, anonymize, or block actions with optional `userEmail`, `keyAlias`, and `timeout`
* New **`guardrails.invoke`** scope for workspace-service and workspace-user API keys
* [Cato Documentation](/integrations/guardrails/cato)
### Integrations
* **Anthropic**: Integrations now accept `anthropic_inspect_stream_for_overloaded_error` in provider configuration (maps to gateway overloaded-stream handling)
* [Anthropic Documentation](/integrations/llms/anthropic#catch-overloaded-error-on-stream)
### Prompt Library — Sharing
* Prompt and partial sharing consolidated under workspace-scoped APIs (`POST/PUT/DELETE /v2/prompts/:id/share`, `/fork`, `/unshare`, and partial equivalents)
* List endpoints support `type=shared` and `show_prompt_share` query parameters
* Deprecated organisation-level prompt/partial routes removed
* [Sharing Documentation](/product/prompt-engineering-studio/prompt-sharing)
### Configs API
* Config create/update schema now validates `default_params` and `drop_params` on targets (in addition to `override_params`)
* [Documentation](/product/ai-gateway/configs#default-and-drop-params)
### API Key Management
* New org-only setting **`default_workspace_user_api_key_auto_create`** — controls auto-provisioning of workspace-user API keys when users join the default workspace (separate from per-workspace `user_api_key_auto_create`)
* **`user_api_key_rotation_period`** enforcement now accepts **days only** (integer 1–365); existing `weekly`/`monthly` values migrated to `7`/`30` (input still accepts `weekly`/`monthly` and normalizes to days)
* When rotation is org/workspace-enforced, **`next_rotation_at`** on API key update can no longer be manually overridden
* JWT/API key details (`GET` key details) now include the API key **`name`**
* [Rotation Documentation](/product/enterprise-offering/org-management/api-key-rotation#organisation-enforced-rotation-period)
* [Default Config Documentation](/product/administration/enforce-default-config#workspace-default-config-for-user-api-keys)
### DB Migrations
* Prompt library share tables (`prompt_shares`, partial shares)
* `guardrails.invoke` API scope seed
* Cato and Claude Platform (AWS) integration/provider seeds
* Normalise `user_api_key_rotation_period` from `weekly`/`monthly` to day integers
### Fixes and Improvements
* Fixed usage-limits policy exhaustion handling on enterprise deployments
* Fixed workspace update when identified by slug
* SAML org callback ignores organisation ID in private deployments
* Re-activated users in SCIM/invite provisioning now receive workspace-user API keys when eligible
* Hardened custom-host validation across additional routes; SQL injection guards for files/batches/finetunes
* Security dependency updates
## v1.16.2
***
### Guardrails Updates
* **New: Lakera Guard** — Partner guardrail calling Lakera Guard `/v2/guard` for prompt injection, policy violations, and PII detection. Configurable `projectID`, `endInclusive`, and `timeout`
* [Lakera Documentation](/integrations/guardrails/lakera)
### New Providers & Plugins
* **fal.ai** provider added to Model Catalog (`fal-ai`) for OpenAI-compatible inference across LLM, image, video, and audio models
* **BytePlus** provider integration validation now supports `byteplus_region` in the integrations API (Model Catalog)
* [BytePlus Documentation](/integrations/llms/byteplus)
### Workspace Defaults — User API Key Config
* Workspaces can set `defaults.user_api_key_config` (config ID or slug) via `PUT /v2/workspaces/:id` — applied to auto-created workspace-user API keys and as the fallback when creating user API keys without an explicit `defaults.config_id`
* `GET /v2/workspaces/:id` returns `defaults.user_api_key_config` as the config slug when set
* Deleting a config that is a workspace's `user_api_key_config` default is blocked until the default is cleared
* [Documentation](/product/administration/enforce-default-config#workspace-default-config-for-user-api-keys)
### Security & SSRF Hardening
* `isValidCustomHost` validation extended across organisation settings, deployments, providers, virtual keys, MCP integrations, integration-model `custom_host`, and SAML ACS URLs — blocks private/reserved IPs, metadata endpoints, non-HTTP(S) schemes, URL fragments, and other unsafe targets
### SSO / Authentication
* **PKCE**: Hardened OIDC PKCE flows
* **JWT user attribution**: JWT-authenticated requests now correctly resolve user email and enforce workspace membership for user-scoped attribution
### API Key Management
* `GET /v2/api-keys` supports an `ids` query parameter (comma-separated UUIDs) for batch lookup — used by audit-log actor resolution
### Fixes and Improvements
* Fixed usage-limits policy exhaustion marking on hosted deployments (enterprise cache path)
## v1.16.1
***
### Agent Gateway
* **`POST /v2/agent-integrations/fetch-agent-card`** now validates the upstream endpoint with SSRF-hardened custom-host checks (blocks private/reserved IPs, cloud metadata hosts, non-HTTP(S) schemes, URLs with `#` fragments, and other unsafe targets)
* Agent card responses must be valid JSON objects containing `url` and `name`; responses over **1 MB** are rejected
* Discovery tries only `/.well-known/agent-card.json` and `/.well-known/agent.json` — no longer falls back to fetching the raw base endpoint
### Provider Batches (Guardrails Pipeline)
* New `internal_output_file_id` column on `batches`; `PUT /v2/batches/:id` accepts `internal_output_file_id` for the guardrails-on-batches processing pipeline
* `GET /v2/configs` now accepts data-service token authentication for service-to-service config reads
### Hosted Deployments
* Log export start/cancel/download calls to the data service now include unified-gateway service auth headers on hosted (non-private) deployments
### Fixes and Improvements
* Fixed ClickHouse analytics time-series queries
## v1.16.0
***
### Guardrails Updates
* **New: Tavily Online Search Guardrail** — Adds relevant Tavily web search results to the prompt before inference, so the model can answer with current online information. Configurable search depth, topic, time range, domain include/exclude, and more
* **F5 Guardrails: Credential Override** — F5 Guardrails check now accepts an optional `credentials` object (`apiKey`, `calypsoUrl`) that overrides the organisation-level integration credentials per workspace
* **Prompt Security: Configurable Policy** — `Protect Prompt` / `Protect Response` checks renamed to **"Prompt Security Prompt"** / **"Prompt Security Response"** and now accept `policy` (per-detector JSON), `redact`, `monitorOnly`, `user`, and `userGroups` parameters
* [Tavily Documentation](/integrations/guardrails/tavily)
* [F5 Guardrails Documentation](/integrations/guardrails/f5-guardrails)
* [Prompt Security Documentation](/integrations/guardrails/prompt-security)
### Azure Integrations
* **Azure Workload Identity**: New `workload` auth mode formally supported on the integrations API for both Azure OpenAI and Azure AI Foundry. Schema requires `azure_workload_client_id` and `azure_workload_tenant_id`
* **Azure AI Foundry — Entra Federated**: The `entraFederated` auth mode (AWS → Entra federation) is now available on Azure AI Foundry integrations in addition to Azure OpenAI
* [Azure Authentication Documentation](/integrations/llms/azure-openai/authentication)
### Usage Limit Policies — `requests` Type
* New **`requests`** usage-limits policy type, alongside existing `cost` and `tokens`. Caps the number of matching requests per reset window
* Includes DB migration (`usage_limits_policies.type` enum extended to `cost` / `tokens` / `requests`)
* [Documentation](/product/enterprise-offering/budget-policies#policy-types)
### Policy Conditions — Updatable
* `PUT /v2/policies/usage-limits/:id` and `PUT /v2/policies/rate-limits/:id` now accept `conditions` in the request body. Conditions are validated against the policy type and persisted on the policy
* [Documentation](/product/enterprise-offering/budget-policies#conditions)
### API Key Rotation — Configurable Cadence in Days
* `user_api_key_rotation_period` organisation/workspace setting now accepts an integer between `1` and `365` in addition to `weekly` / `monthly`
* Rotation policies on API keys now accept `rotation_period_days` (1–365); mutually exclusive with `rotation_period`
* Enforcement: explicit rotation policies that don't match the enforced cadence (named period or days) are rejected at create/update time
* [Documentation](/product/enterprise-offering/org-management/api-key-rotation#organisation-enforced-rotation-period)
### Self-Hosting & Networking
* **`NO_PROXY` support**: Outbound LLM, OIDC, and Mailgun calls now honour the `NO_PROXY` environment variable in conjunction with `HTTPS_PROXY` / `HTTP_PROXY`
* **`REQUEST_TIMEOUT`**: Configures the outbound fetch timeout in milliseconds (applies to LLM and OIDC traffic). Defaults preserved
* **OIDC fetch**: `Issuer` and `OidcClient` are now configured with the same HTTP agent (proxy/timeout) as the rest of the backend
* **Header sanitization**: Strict-mode validation for analytics `order_by` clauses and ClickHouse queries; better guards around enterprise logs/analytics routes
### MCP Gateway
* **Dynamic Client Registration (DCR)**: `POST /oauth/register` now performs strict validation on `redirect_uris` (length, scheme, allow-list); `redirect_uri` is also re-checked on `/oauth/authorize` and `/oauth/postAuthorizeConsent`
* **MCP Metadata Sync Caching**: MCP server metadata sync now uses a short-lived cache to absorb bursts of metadata updates from upstream agents and reduce DB load
* Removed legacy control-plane OAuth provider used for upstream MCP server auth (now handled directly by the gateway)
* Removed the `@modelcontextprotocol/sdk` package dependency from the backend (gateway-only)
### SCIM
* `DELETE /v1/scim/workspaces/...` now returns `{ "success": true }` instead of an empty body for clearer client semantics
### Auth & Sessions
* `GET /v1/auth/self` now requires a session/JWT and rejects requests authenticated only with an API key
* Reduced log noise for expired JWT tokens (no longer logged as errors)
* Deprecated legacy OIDC and Firebase custom-token endpoints removed: `/users/firebase-custom-token`, `/utils/oidc-client-id`, the older OIDC/Okta authentication middlewares, and the deprecated v2 cache wrapper / first-generation done-flag route
### Model Catalog
* **Model & pricing config sync**: Updated model and pricing configs for Anthropic, Azure AI, Bedrock, Bedrock Mantle, DeepInfra, Google, OpenRouter, Together AI, and Vertex AI
### Security
* Hardened authorisation error responses and OAuth error paths to avoid leaking unintended details
* Stricter `redirect_uri` validation on OAuth DCR endpoints
* Multiple dependency updates and `npm audit` fixes
### Fixes and Improvements
* Fixed exception handling in prompt playground / prompt completion proxies so upstream fetch failures return clean errors and strip lingering headers
* Fixed cache invalidation regressions on API-key reset flows and bulk-fetch of API-key versions
* Fixed log-export `requested_data` JSON serialisation
* Fixed knex raw queries for collections, labels, prompts, and tools (safer query builders, stricter validators, org-id guards)
* Fixed `getModelGroupedData` analytics order-by reference and added stricter ClickHouse order-by validation
* Fixed empty/normalised `workspaceId` handling in collections list controller
* Fixed `user_api_key_rotation_period = null` edge case during rotation policy evaluation
## v1.15.0
***
### Auto-Created User API Keys
* New `user_api_key_auto_create` organization setting (with workspace-level override) that automatically provisions a default workspace-user API key for members on join, invite acceptance, SCIM provisioning, and workspace add
* Auto-generated keys inherit the workspace's `user_api_key_ttl` and the org/workspace-enforced `user_api_key_rotation_period` (if set)
### API Key Rotation: Organization-Enforced Period
* Organization owners/admins can now enforce a `rotation_period` on workspace-user API keys via the `user_api_key_rotation_period` setting (with optional per-workspace override)
* New keys without a rotation policy are auto-assigned the enforced period; explicit rotation periods that differ from the enforced value are rejected at create/update time
* New `rotation_period_days` column added to `rotation_policies` (preparatory; API surface remains `weekly` / `monthly`)
* [Documentation](/product/enterprise-offering/org-management/api-key-rotation#organisation-enforced-rotation-period)
### Configurable API Key Prefix (Air-Gapped Only)
* New `API_KEY_PREFIX` environment variable lets self-hosted deployments prefix all newly-generated Portkey API keys with a custom string
### Usage Limits: Custom Reset Cadence
* Usage limits policies now support **`periodic_reset_days`** (1–365) for arbitrary day-based reset cadences, in addition to existing `monthly` / `weekly` resets
* New **`next_usage_reset_at`** field to override the next reset timestamp (normalized to UTC midnight)
* `periodic_reset` and `periodic_reset_days` are mutually exclusive
* New `periodic_reset_days`, `next_usage_reset_at`, and `last_reset_at` fields exposed on policy GET/LIST responses
* [Documentation](/product/enterprise-offering/budget-policies#periodic_reset_days-optional)
### Integration & MCP Enhancements
* **Pricing Adjustments**: Integrations now accept a `pricing_adjustments.multiplier` config to apply per-token markup/discount multipliers (`request_token`, `response_token`, `cache_*`, `audio`, `reasoning`, etc.) on top of base pricing
* **Custom Host per Custom Model**: `models[].configurations.custom_host` can now be set per integration model (via `PUT /integrations/:id/integration-models`) — required `configurations` validation enforces a non-empty object with a valid URL
* **Secret Mappings: JSON values**: `secret_mappings` now accept a `value_format` field (`string` | `json`) — `json` parses stringified JSON into the target field (e.g. service-account credentials)
* **MCP Integrations**: `secret_mappings` are now supported on MCP integrations and resolved at request time. New `secret_mappings` column added to `mcp_integrations`
* **Azure: Entra Federated Auth**: New `azure_auth_mode: entraFederated` mode for Azure OpenAI integrations (`azure_entra_tenant_id` + `azure_entra_client_id`, no client secret required)
* **Bedrock Mantle Provider**: New `bedrock-mantle` provider seeded for AWS's OpenAI-compatible Bedrock inference engine
* [Bedrock Mantle Documentation](/integrations/llms/bedrock-mantle)
### SSO Subdomain Wildcards
* Organisation email domains now accept an `allow_subdomains` flag — when enabled on a root domain, users from any subdomain (e.g. `team.example.com`, `eu.example.com`) resolve to the same SSO settings
* Sub-domains themselves cannot have `allow_subdomains` enabled — only the root domain
### SCIM Enhancements
* **Workspace Mapping by Group Name**: `POST /v1/scim/workspaces` now accepts `scim_group_name` (in addition to `scim_group_id`) — auto-creates the SCIM group if it doesn't exist yet
* Workspace mapping requests now go through validation middleware: `workspace_id` and `role` (one of `admin`, `manager`, `member` — case-insensitive) are required, plus exactly one of `scim_group_id` / `scim_group_name`
* **Group Membership Cleanup**: SCIM group update flows refactored — group membership changes now correctly remove user API keys when users are removed from the org/workspace via SCIM
* [Documentation](/product/enterprise-offering/org-management/scim/group-management)
### Admin Log Permissions
* New organization and workspace security settings:
* `organisationAdminsViewLogs` — control whether org admins can view request logs
* `organisationAdminsViewLogMetadata` — control whether org admins can view log metadata
* Settings are enabled by default and support workspace-level overrides
### Configs — Passthrough Provider
* Configs now accept a top-level `passthrough: true` flag, allowing a config to mark requests as passthrough mode (no provider transformation) — exclusive with `targets`/`strategy`/`override_params`/`*_guardrails`
### Guardrails Updates
* **Required Metadata Key-Value Pairs**: New `matchType` parameter (`exact` (default), `contains`, `containsAll`, `regex`) controls how metadata values are compared
* **Akto**: Schema renamed to **"Akto Guardrail"**, `apiDomain` is now required (Akto base URL is derived from it), `deny: true` is the new default
* **Guardrail Pagination**: `GET /guardrails` now supports `current_page` and `page_size` query parameters
* **Multi-ID Lookup**: `GET /guardrails?ids=...` now accepts comma-separated guardrail IDs
* [Akto Documentation](/integrations/guardrails/akto)
### Models API
* `total_count` on `GET /v1/models` now reflects the filtered total (matching the applied query) instead of the unfiltered total
* `/models` route is now accessible to all workspace roles (previously restricted)
* Renamed `total` → `total_count` in models endpoint output
### Agent Gateway
* Granular RBAC scopes added for `organisation_agent_integrations.*`, `workspace_agent_integrations.*`, `agent_servers.*`, `agent_server_skills.*`, `agent_integration_skills.*`, and `agent_server_user_access.*`
* New **`agents.invoke`** scope for invoking agents (workspace-service / workspace-user keys)
* New `GET /v1/agent-servers/:id/agent-card` endpoint to fetch the upstream agent card
### Self-Hosting & Deployment
* **Gateway Registration — Air-Gapped & License-Gated**: Gateway registration is now enabled based on subscription `licenseType` (`HYBRID` / `AIRGAP`) combined with private-deployment flags. Air-gapped deployments can register gateways without external connectivity
* **OpenShift / pm2**: Dockerfile updated with `pm2-home`, increased read limits, and removed `chown 1001` for OpenShift compatibility
### Security
* Strip sensitive request headers (e.g. `x-forwarded-*`) from inbound requests before processing
* AWS role ARN is now returned **unmasked** on integration GET/LIST (was previously masked)
* Security dependency updates and vulnerability fixes
### Fixes and Improvements
* Fixed `customHost` validation regression on custom-model integrations
* Fixed cache invalidation on MCP server connection delete in enterprise deployments
* Fixed pricing config response per model to include integration-level adjustments
* Fixed workspace usage-limits validation when invalid values were passed
* Fixed Terraform workspace update with non-ASCII (Unicode space) characters
* Fixed user-removal scope check on workspace `removeUsers`
## v1.14.0
***
### API Key Rotation — Generally Available
* **API key rotation is now generally available**
* Use API key rotation scopes (`*.rotate`) for organisation-service, workspace-service, and workspace-user API key types
* [Documentation](/product/enterprise-offering/org-management/api-key-rotation)
### Integration Security Settings
* Added new **organization security settings** to control workspace manager write access for:
* **Workspace Integrations** (`managersWriteWsIntegrations`)
* **MCP Integrations** (`managersWriteWsMcpIntegrations`)
* **MCP Servers** (`managersWriteMcpServers`)
* All three settings are **enabled by default** and support **workspace-level overrides**
* [Documentation](/product/administration/configure-integration-access-permissions)
### MCP Server User Connections API
* New **List Connections** API (`GET /v1/mcp-servers/:mcpServerId/connections`) to retrieve user connections for an MCP server with pagination support
* New **Revoke Connection** API (`DELETE /v1/mcp-servers/:mcpServerId/connections`) to revoke a user's connection to an MCP server
* Admins and workspace managers can view and revoke connections for any user; non-admin users can only manage their own connections
### SCIM Enhancements
* SCIM provisioning now accepts **case-insensitive roles** — `Admin`, `admin`, and `ADMIN` are all treated identically for both organization and workspace role assignments
### Self-Hosting Improvements
* Added **configurable MySQL reader** with HADR (High Availability Disaster Recovery) mode for writer failover
* New environment variables: `DB_READER_HOST`, `DB_READER_USER`, `DB_READER_PASS`, `DB_READER_PORT`
* Enable HADR mode with `MYSQL_WRITER_HADR_MODE=ON` — the backend continues serving reads when the writer is unavailable and reconnects automatically
* Health endpoint reports `degraded` status when writer is unavailable in HADR mode
### Security
* Removed `x-powered-by` response header for improved security posture
### Guardrails Updates
* Added new **Lasso Classifier** check (`lasso.classify`) and updated Lasso integration schema with optional `apiEndpoint` for self-hosted deployments
* [Documentation](/integrations/guardrails/lasso)
### Fixes and Improvements
* Fixed SCIM group update to skip workspace update when workspace is not found
* Fixed workspace deletion to handle emoji characters when triggered from API keys (Terraform)
* Fixed `last_updated_by` field for API key defaults configuration
* Security dependency updates
## v1.13.0
***
### API Key Rotation
* Added **API key rotation** with support for automatic and manual rotation
* Configure rotation policies when creating or updating API keys with `rotation_policy` parameter:
* `rotation_period`: `weekly` or `monthly` auto-rotation schedule
* `next_rotation_at`: ISO 8601 date for the next scheduled rotation
* `key_transition_period_ms`: Grace period (minimum 30 minutes) during which both old and new keys are valid
* New **`POST /api-keys/:apiKeyId/rotate`** endpoint for manual key rotation — works with or without an auto-rotation policy
* Auto-rotation processor with email alerts for upcoming rotations, completed rotations, and expiry warnings
### Organization Session Management
* Added **session management** settings at the organization level
* Configure `session_settings` in organization auth settings with `max_session_ttl` (minimum 900 seconds / 15 minutes)
* When set, user sessions exceeding the TTL are automatically rejected, requiring re-authentication
### New Guardrail: Required Metadata Key-Value Pairs
* Added **Required Metadata Key-Value Pairs** guardrail (`default.requiredMetadataKeyPairs`) to validate that requests contain specified metadata key-value pairs
* Configurable parameters:
* `metadataPairs`: Object defining required key-value pairs
* `operator`: `all` (all pairs must match), `any` (at least one pair must match), or `none` (no pairs should match)
* Runs on the `beforeRequestHook`
### Rate Limits Enhancements
* Added **`rpw`** (requests per week) as a new rate limit unit alongside existing `rpm`, `rph`, and `rpd`
* Added **`endpoint_type`** as a new condition key for rate limit policies, allowing rate limits to target specific endpoint types (e.g., `chatComplete`, `embed`, `imageGenerate`)
* [Documentation](/product/enterprise-offering/budget-policies)
### Agent Gateway
* Added **Agent Gateway** with full CRUD APIs for managing agent integrations and agent servers
* Includes agent skills management, workspace-level access control, and user access management
* RBAC support for agent resources
### Self-Hosting Improvements
* Added **ClickHouse replication and sharding** support for high-availability analytics deployments
* Added support for **decoupled JWT authentication** in private deployments, allowing the data plane to validate tokens independently from the control plane
Requires Gateway v2.5.0 or higher
### Fixes and Improvements
* Fixed provisioning for empty groups
* Added `last_reset_at` field to API key, workspace, integration, and virtual key responses
* Model configuration and pricing updates
* Security dependency updates
## v1.12.1
***
### New Guardrail: Akto Agentic Security
* Added **Akto Agentic Security** guardrail integration for advanced threat detection and security scanning of LLM inputs and outputs
* [Documentation](/integrations/guardrails/akto)
### New Guardrail: Inline Image URLs
* Added **Inline Image URLs** guardrail that fetches external image URLs and converts them to Base64 inline data
* Useful for VPC-SC environments where LLM providers cannot access external URLs
* Configurable parameters: `providers` (target providers), `maxSizeBytes` (default: 20MB), `timeoutMs` (default: 30000), `failOnError` (default: false)
### AWS Bedrock Guardrails
* Added optional **Custom Host** field to the Bedrock guardrail integration schema, allowing use of private or custom Bedrock endpoints
### Fixes and Improvements
* Fixed SCIM user update validation to correctly handle user reactivation flows
* Model configuration and pricing updates across multiple providers
* Security dependency updates
## v1.12.0
***
This version requires a Helm chart upgrade to **app-1.6.0** or higher to function correctly.
### Secret Manager Integrations
* Added **Secret References** - a new enterprise feature for managing external secret manager integrations with full CRUD API
* Supports three secret manager backends:
* **AWS Secrets Manager** - with access key, assumed role, and service role authentication
* **Azure Key Vault** - with Entra ID, managed identity, and default credential authentication
* **HashiCorp Vault** - with token, AppRole, and Kubernetes authentication
* Secret references can be mapped to **integrations** and **virtual keys** via `secret_mappings`, allowing provider credentials to be dynamically fetched from external secret managers at runtime
* Workspace-level access control for secret references with `allow_all_workspaces` or scoped `allowed_workspaces`
* Requires `secret_references` RBAC permissions (available to org owners and admins)
* [Documentation](/product/enterprise-offering/secret-references)
### New Guardrail: Zscaler AI Guard
* Added **Zscaler AI Guard** guardrail integration for enforcing Zscaler Detections Policies on LLM inputs and outputs
* Supports `beforeRequestHook` and `afterRequestHook` hooks
* Configurable parameters: `policyId` (required) and `timeout` (default: 10000ms)
* [Documentation](/integrations/guardrails/zscaler)
### GCP Workload Identity Federation for Log Storage
* Added support for **GCP Workload Identity Federation (WIF)** to authenticate with Google Cloud Storage from AWS-hosted deployments
* New environment variables: `GCP_WIF_AUDIENCE` and `GCP_WIF_SERVICE_ACCOUNT_EMAIL`
* Enables cross-cloud log storage using `gcs_assume` log store type with AWS-to-GCP federated authentication
### Analytics Enhancements
* Extended analytics graph, group, and summary routes to support **archived workspaces** for organization admins and owners
* Saved filters now support workspace slugs in addition to workspace IDs
### Fixes and Improvements
* Improved JWT authentication error responses with more descriptive error messages
* Added `log_format` field to the get-log API response
* Fixed ClickHouse migration file sorting to use numeric ordering
* Security dependency updates and Docker image optimizations
## v1.11.2
***
### Analytics Enhancements
* Added **generic grouped analytics endpoint** (`GET /v1/analytics/groups/:groupBy` and `GET /v1/logs/groups/:groupBy`) with configurable columns
* Supports grouping by: `ai_service`, `model`, `status_code`, `api_key`, `config`, `workspace`, `provider`, `prompt`
* Configurable columns via query parameter: `cost`, `total_tokens`, `avg_tokens`, `avg_input_tokens`, `avg_output_tokens`, `avg_latency`, `p95_latency`, `p99_latency`, `success_rate`, `error_count`, `cache_hit_rate`, `last_seen`, `first_seen`
* Default response includes only request count; additional columns are opt-in via `columns` parameter
* Analytics chart routes now support viewing data from **archived workspaces** for organization admins and owners
### Workspace Management API Enhancements
* Added `status` query parameter to the workspace list API (`GET /workspaces`) to filter by workspace status
* Supports comma-separated values: `active`, `archived`
* Only admins and owners can list archived workspaces
### Integration Creation API Enhancements
* Added `create_default_provider` and `default_provider_slug` fields to the **integration creation** API for workspace integrations
* Custom provider slugs can be set during integration creation, and default provider creation can be skipped by setting `create_default_provider: false`
### Prompts API Enhancements
* Added `patch` flag to `PUT /prompts/{promptId}` to enable **partial version field updates**
* When `patch: true`, missing version fields (`string`, `parameters`, `metadata`, model) are automatically backfilled from the current latest version, allowing updates to individual fields without resending all version data
### Gateway Config Updates
* Added `azure_entra_scope` option to the gateway config schema for specifying custom Azure Entra ID authentication scopes at the config level
### Fixes and Improvements
* Internal caching optimizations for workspace authorization queries
* Fixed cache key handling for workspace status in admin views
## v1.11.1
***
### SSO Enhancements
* Added `OIDC_CUSTOM_SCOPES` environment variable to configure additional custom OIDC scopes (comma-separated) for airgapped deployments
* [Documentation](/product/enterprise-offering/org-management/sso)
### Fixes and Improvements
* Fixed workspace usage limit check to correctly consider current usage when fetching workspace details
* Fixed integration and MCP integration workspace bulk update to allow passing an empty workspace array when using the override access flag
* Security dependency updates
## v1.11.0
***
### Data Visibility Security Settings
* Added new **Data Visibility** security settings to control whether workspace members and managers can view all observability data or only their own
* `membersViewAllData` - when `false`, members can only see logs and analytics generated by their own API keys
* `managersViewAllData` - when `false`, managers can only see logs and analytics generated by their own API keys
* Both settings default to `true` (no restriction). Organization Owners and Admins always have full access
* Supports **workspace-level overrides** via the new `data_visibility` override category
* Applied across all log, analytics, trace, and generation routes
* [Documentation](/product/administration/configure-data-visibility-settings)
### Usage Limits
* Fixed alert and status reset behavior when credit limits or alert thresholds are updated
* Increasing the credit limit now properly resets both threshold and exhausted alerts
* Increasing the alert threshold (or setting it to null) properly resets threshold alerts
* Applies to API keys, virtual keys, and integration workspaces
### Model Config Updates
* Updated model configurations and pricing across 50+ providers including Anthropic, Azure OpenAI, Bedrock, Google, OpenAI, Vertex AI, and many more
### Fixes and Improvements
* Fixed analytics security settings migration to correctly handle boolean defaults
* Security dependency updates and CVE fixes
## v1.10.0
***
### Prompt Access Control
* Added new **Prompt Management** security settings to control prompt access per role
* `membersViewPrompts` / `membersWritePrompts` - control whether workspace members can view or edit prompts
* `managersViewPrompts` / `managersWritePrompts` - control whether workspace managers can view or edit prompts
* Defaults: members can view but not write; managers can view and write. Organization Owners and Admins always have full access
* Supports **workspace-level overrides** for per-workspace prompt access configuration
* [Documentation](/product/administration/configure-prompt-access-permissions)
### Custom Workspace Budget Reset Intervals
* Added support for **custom periodic reset intervals** via `periodic_reset_days` (1–365 days) for workspace usage limits
* Optionally set `next_usage_reset_at` (ISO 8601) to control when the first reset occurs
* `periodic_reset_days` is mutually exclusive with the existing `periodic_reset` (`weekly`/`monthly`) option
* [Documentation](/product/administration/enforce-workspace-budget-limts-and-rate-limits)
### SCIM User-Based Group Management (AirGapped only)
* Added support for managing group memberships via the SCIM `/Users` endpoint when `SCIM_MEMBERSHIP_USER_MODE=ON` is set
* User SCIM responses now include a `groups` attribute with current group memberships
* Group member operations on `/Groups` PATCH are skipped in this mode to avoid conflicts
* [Documentation](/product/enterprise-offering/org-management/scim/group-management)
### Vertex AI Workload Identity Federation
* Added **Workload Identity Federation** as a new authentication type for Vertex AI integrations, enabling keyless authentication for GKE and Cloud Run deployments
### Integration Workspaces API Enhancements
* Added `default_provider_slug` and `create_default_provider` fields to the bulk update integration workspaces API
* Custom provider slugs can be set per workspace or globally when granting workspace access
* Default provider creation can be skipped by setting `create_default_provider: false`
### Fixes and Improvements
* Fixed SCIM group deletion to correctly clean up the group even when no workspace mapping exists
* Security dependency updates
## v1.9.0
***
### Analytics Access Control
* Added new **Analytics Management** security settings to control analytics visibility per role
* `membersViewAnalytics` - control whether workspace members can view analytics
* `managersViewAnalytics` - control whether workspace managers can view analytics
* Both settings are enabled by default. Organization Owners and Admins always have full access
* Supports **workspace-level overrides** for per-workspace analytics access configuration
* [Documentation](/product/administration/configure-analytics-access-permissions)
### MCP Enhancements
* MCP integration and server list APIs now return **metadata** including title, description, icons, server name/version, protocol version, and sync status
* Added new `GET /mcp-servers/:id/metadata` endpoint for fetching detailed MCP server metadata
### Private Deployment Feature Flags
* Simplified feature flag configuration for private (self-hosted) deployments. The following features are now **enabled by default**. Set `OFF` to explicitly disable the following features:
* Guardrails (`GUARDRAILS_ENABLED`)
* API Access (`API_ACCESS_ENABLED`)
* Data Exports (`DATA_EXPORTS_ENABLED`)
* Usage & Rate Limits (`USAGE_LIMITS_ENABLED`)
* Audit Logs (`AUDIT_LOGS_ENABLED`)
* SCIM (`SCIM_ENABLED`)
* Policy (`POLICY_ENABLED`)
* `LOG_RETENTION_DISPLAY` and `METRICS_RETENTION_DISPLAY` default to 90 days and 365 days respectively.
Set the corresponding feature flag to `OFF` to explicitly disable the features you don't need.
### Fixes and Improvements
* Fixed deployment workspace settings to correctly scope deployments per workspace for Prompt Playground calls
* Fixed `allow_all_workspaces` flag determination in deployment updates
* Added memory cache for user organization details for improved performance
* Optimized SCIM API queries by skipping unnecessary count operations
* Security dependency updates
## v1.8.0
***
### Gateway Deployments
* Introduced **production** and **non-production** deployment types with separate limits for each. You can now categorize gateway deployments by type and manage limits independently
* Added deployment **slugs** for human-readable identifiers and **deployment config** support for custom configuration
* Deployments now have dedicated RBAC permissions (`deployments:create`, `deployments:read`, `deployments:update`, `deployments:delete`, `deployments:list`) separate from workspace permissions
* Added support for filtering deployments by `type` (production/non-production) in the list endpoint
### New Guardrails
* **CrowdStrike AIDR**: Added partner integration with CrowdStrike AI Detection and Response for scanning LLM inputs and outputs. Supports blocking or redacting content based on configured rules
* [Documentation](/integrations/guardrails/crowdstrike-aidr)
### Usage & Rate Limit Policies
* Policies are enhanced with new conditions. Refer to [Documentation](/product/enterprise-offering/budget-policies) for more details.
* Alert emails are now sent to **workspace admins and managers** in addition to organization admins
### API Key Management
* Workspace **managers** can now create API keys on behalf of other users by specifying a `user_id` (previously restricted to workspace admins and org admins/owners)
### Vertex AI Integration
* Added optional `skipPtuCostAttribution` field for Vertex AI integrations and virtual keys to skip PTU cost attribution when needed
### MCP Enhancements
* MCP is now enabled for all plans
* Added MCP server capabilities and user access control management
### Fixes and Improvements
* Fixed some issues related to SCIM for JumpCloud
* Updated dependencies to fix security vulnerabilities
## v1.7.3
***
### Integrations & Providers API
* Added **tags support** for integrations and providers. You can now:
* Add custom key-value tags when creating or updating integrations/providers
* Filter integrations and providers by tags in list endpoints
* Use tags to organize and categorize your AI provider connections
### Observability
* Streamlined logging configuration for better observability
### MCP OAuth Enhancements
* Token introspection endpoint now returns `email` and `username` fields for richer user context
### JWT Authentication
* Added read and list scopes to control plane resources for JWT-authenticated requests
### Fixes and Improvements
* Security updates to dependencies
* Added `anthropic_beta` parameter support in config schema
* Improved filter boundary handling in usage limits
* SCIM result index fixes
## v1.7.2
***
### Fixes and Improvements
* Security updates to dependencies
## v1.7.1
***
### Fixes and Improvements
* Made organization ID optional during SSO user provisioning for improved flexibility
* Fixed cache key validation edge cases
* Improved SCIM query parsing to handle edge cases safely
## v1.7.0
***
### Workspace Deployments
* Introduced **workspace-based deployment restrictions**. You can now configure gateway deployments to be accessible only from specific workspaces, enabling better multi-tenant isolation and access control
* New deployment management endpoints support workspace assignment during create and update operations
### Policy Entities API
* Added new endpoint to retrieve entities (API keys, workspaces, users) associated with usage and rate limit policies
### SSO Auto-Provisioning
* First-time SSO users are now **automatically provisioned** to the organization when they log in via OIDC or SAML
* Pending invites are automatically accepted during SSO login
* Eliminates manual user provisioning steps for SSO-enabled organizations
### Workspace Budget Auto-Reactivation
* Exhausted workspace budgets now **automatically reactivate** when the credit limit is increased
* No manual intervention required to resume operations after increasing budget limits
### Custom API Key Periodic Reset
* Configure **custom periodic reset schedules** for API key usage beyond the standard weekly/monthly options
* Set specific reset intervals that align with your billing or usage tracking requirements
### JWT Workspace Guardrails Fix
* **Fixed**: Workspace-level input and output guardrails configured in the dashboard are now correctly applied when using JWT authentication
* Previously, these guardrails were only enforced when using workspace API keys
### New Providers
* Added **Oracle Cloud Infrastructure (OCI)** Generative AI as a supported provider
### Private Deployment Pricing
* Self-hosted deployments can now access model pricing configurations for accurate cost tracking
* **Data Source Priority**: Memory Cache (1hr TTL) → Proxy Service → Log Store → Local Files
**Environment Variables**
| Variable | Description |
| ------------------------------------------- | ------------------------------------------------- |
| `MODEL_CONFIGS_PROXY_FETCH_ENABLED` | Set to `ON` to enable fetching from proxy service |
| `MODEL_CONFIGS_PROXY_URL` | Base URL of the config proxy service |
| `MODEL_CONFIGS_PRICING_LOG_STORE_PATH` | Log store path for pricing configs |
| `MODEL_CONFIGS_CAPABILITIES_LOG_STORE_PATH` | Log store path for capabilities configs |
| `MODEL_CONFIGS_CAPABILITIES_LOCAL_PATH` | Custom local path for capabilities JSON files |
| `MODEL_CONFIGS_PRICING_LOCAL_PATH` | Custom local path for pricing JSON files |
**Configuration Methods**
* **Proxy Service**: Set `MODEL_CONFIGS_PROXY_FETCH_ENABLED=ON` and `MODEL_CONFIGS_PROXY_URL`. Fetches from `{PROXY_URL}/general/{provider}` and `{PROXY_URL}/pricing/{provider}`
* **Log Store**: Set `MODEL_CONFIGS_PRICING_LOG_STORE_PATH` and `MODEL_CONFIGS_CAPABILITIES_LOG_STORE_PATH`.
* **Local Files**: Set `MODEL_CONFIGS_CAPABILITIES_LOCAL_PATH` and `MODEL_CONFIGS_PRICING_LOCAL_PATH`. Falls back to local configs in the image if not set
Portkey hosted configurations can be fetched by setting `MODEL_CONFIGS_PROXY_URL` to `https://configs.portkey.ai`.
For complete air-gapped deployment setup including Gateway configuration, see the [Air-Gapped Model Pricing guide](/self-hosting/airgapped/model-pricing).
### Fixes and Improvements
* Analytics timezone grouping improvements
* Improved error messages for configuration validation (AB01 errors)
* Added service identifier to health check response
* Conditional Redis worker initialization for improved startup performance
## v1.6.2
***
### API Key Expiry
* Expired API keys are now automatically marked as expired by a background worker process
* Ensures consistent key state management without manual intervention
### MySQL SSL Modes
* Added support for external MySQL SSL connection modes via the `DB_SSL` environment variable
| SSL Mode | Description |
| ----------------- | -------------------------------------------------- |
| `DISABLED` | SSL disabled, plain connection |
| `PREFERRED` | Use SSL if available, fallback to plain |
| `REQUIRED` | SSL required, but skip certificate verification |
| `VERIFY_CA` | SSL required, verify server certificate against CA |
| `VERIFY_IDENTITY` | SSL required, verify certificate and hostname |
| `Amazon RDS` | Use Amazon RDS SSL bundle for connections |
**Certificate Environment Variables** (for `VERIFY_CA` and `VERIFY_IDENTITY` modes):
| Variable | Description |
| ------------- | -------------------------------------- |
| `DB_SSL_CA` | CA certificate for server verification |
| `DB_SSL_CERT` | Client certificate (for mutual TLS) |
| `DB_SSL_KEY` | Client private key (for mutual TLS) |
### Fixes and Improvements
* Fixed scopes validation for API key authentication
* Fixed authorization query filter edge cases
* Workspace usage reset migration improvements
## v1.6.1
***
### New Providers & Plugins
* Added new plugin providers: Javelin, Qualifire, and Walled
### Guardrails Updates
* Added new request params check guardrail schema
* Configuration
* tools — Controls which tools can be used in requests:
* blockedTypes / allowedTypes — Filter by tool type
* blockedFunctionNames / allowedFunctionNames — Filter by function name
* params — Controls request-level parameters:
* blockedKeys / allowedKeys — Filter by parameter key
* values — Per-key value constraints with blockedValues / allowedValues
```json theme={"system"}
{
"tools": {
"blockedTypes": ["code_interpreter"],
"allowedTypes": ["function"],
"blockedFunctionNames": ["delete_all", "drop_database"],
"allowedFunctionNames": ["get_weather", "search", "calculate"]
},
"params": {
"blockedKeys": ["system", "seed"],
"allowedKeys": ["model", "messages", "temperature", "max_tokens", "tools"],
"values": {
"model": {
"blockedValues": ["gpt-4-32k"],
"allowedValues": ["gpt-4o", "gpt-4o-mini", "gpt-3.5-turbo"]
},
"temperature": {
"allowedValues": [0, 0.5, 1]
}
}
}
}
```
### Analytics & Metrics
* Updated aggregate metrics to send total tokens for `/spans` endpoint
### Workspace Access Control
* Implemented workspace manager role restriction for adding users with higher privileges
### Fixes and Improvements
* Made SCIM group parsing more robust to use lowercase role
* Simplified log exports for Hybrid deployments
* Security updates to dependencies.
## v1.6.0
***
### SCIM Group Workspace Mapping
* Introduced flexible group-to-workspace mapping, allowing you to provision groups from your identity provider (Okta or Azure Entra) with any naming convention and map them to Portkey workspaces and roles directly from the Portkey Control Plane
* [Documentation](/product/enterprise-offering/org-management/scim/group-management)
### Fixes and Improvements
* Fixed an issue where archived usage limit policies were not being skipped during processing
* Fixed non-streaming playground request errors caused by header conflicts
* Added support for `aws_region` parameter in Bedrock integration for `serviceRole` auth type.
## v1.5.1
***
### Improvements
* Added support to read logs based on the path format identifier released in Gateway v1.17.0
* Added backend dependencies for the new F5 Guardrails
* Fixed an issue where workspace-created integrations were not being cleaned up when a workspace was deleted
## v1.5.0
***
### Usage and Rate Limit Policy
* Introduced usage limits and rate limit policy APIs, which allow organizations to apply flexible budget and rate limit controls based on dynamic conditions (API keys, metadata, workspace, etc.).
* More details: [Documentation](/product/enterprise-offering/budget-policies) and [API Reference](/api-reference/admin-api/control-plane/policies)
### DB Migrations
* Added new column in ClickHouse to store the log object path format identifier
## v1.4.0
***
**Requires a Helm repo update (>app-1.4.0)**
### Security Patch
* Removed root user from container image (BREAKING CHANGE). The container image used by this chart no longer runs as root. The image now runs processes with a non-root UID and enforces a non-root container securityContext. Requires Helm repo upgrade (>app-1.4.0) to deploy the new image and chart settings.
### Customizable Email Templates
* Added new environment variable to enable customization of branding elements (logo, company name, support email, docs URL) and template paths.
### Deployment Configurations
* Added deployment management endpoints (create, list, get, update) to configure gateway deployments on the control plane
## v1.3.3
***
### Fixes and Improvements
* Added deduplication logic for default workspace guardrails to avoid duplicate guardrail slug entries
* Minor enhancements to return more details in the list traces API
* Updated JWT Guardrail schema to support new parameters added in the latest Gateway build
* Fixed edge cases where workspace slugs were not handled for integrations API
* Updated internal dependencies to patch security vulnerabilities
## v1.3.2
***
### Workspace Grouped Analytics API
* Introduced a new API that aggregates and returns analytics data grouped by workspace, with support for multi-dimensional grouping and cost-based filtering.
### Multi-Organization SSO Support
* Added enhancements to allow users to authenticate via SSO across multiple organizations
### Fixes and Improvements
* Added `mcp.invoke` permission for workspace API keys
* Fixed an issue where prompt version label mapping was not being cleaned up when a label was deleted
* Streamlined slug and name validations across providers and integrations APIs. Both slug and name can now have a maximum length of 255 characters
* Fixed edge cases where workspace slugs were not handled for integrations API
## v1.3.1
***
### Guardrails Schema Updates
* Updated schema to support the following two new guardrails:
* **Add Prefix**: Add a configurable prefix to the user's input before sending to the model
* **Allowed Request Types**: Control which request types (endpoints) can be processed. Use either an allowlist or blocklist approach
## v1.3.0
***
### MCP Preview Release
* Added MCP management APIs and OAuth support
### Organization and Workspace Security Settings
* Introduced Configs Security Settings to control configs view and edit access for member and manager roles
* Introduced workspace-level user API key limits to restrict the maximum number of user API keys per workspace
* Added user API key expiry settings with configurable default and maximum expiry durations
### SCIM Enhancements
* Introduced a new setting (SCIM Provisioning for Organization Management) to allow organization user management only through SCIM while enabling workspace user management via Portkey
### API Key Management API Enhancements
* Updated the list api-keys response to not return raw keys for other user API keys
* Fixed issues with pagination total count and made the logic more robust to handle created\_at conflicts
* Enhanced the `current_usage` field in the usage\_limits object to show fractions for more accurate tracking
### Workspace Management API Enhancements
* Added workspace budget reset functionality with periodic reset options in the update workspaces API
* Added strict workspace name filter in the list workspaces API for improved search accuracy
* Fixed workspace API keys cache invalidation when budget exhausts
* Made workspace budgets periodic reset field nullable for flexibility
### AWS Bedrock Enhancements
* Added AWS service authentication as a new auth type for Bedrock integrations
### Fixes and Improvements
* Streamlined the Model Catalog APIs to accept slugs in URLs for all eligible endpoints
* Fixed pagination bug in the list users API (`/admin/users`)
* Made the inference component field optional for AWs Sagemaker Integrations
* Added a setting to disable the Getting Started page
* Improved error handling when a user is already part of an organization during invite join attempts
* Added strict validations for `rate_limits` and `usage_limits` across api-keys, providers, integrations, and workspaces for data consistency
* Added JWT errors to audit logs for better security tracking
* Fixed integration `global_workspace_access_settings` rate limits to map correctly