Skip to main content
Modern SaaS platforms face a critical challenge when adding AI capabilities: how to provide thousands of customers with access to powerful language models while maintaining predictable costs, ensuring fair resource allocation, and preventing abuse. Consider a typical scenario: Your B2B SaaS platform serves 5,000 users across 200 customer accounts. Each customer wants to leverage AI for different use cases - some need GPT-4 for complex analysis, others require Claude for writing tasks, and many are satisfied with GPT-3.5 for basic queries. Without proper infrastructure, you risk:
  • Uncapped Costs: A single customer consuming $10,000 in API credits overnight
  • Resource Contention: Power users monopolizing API capacity
  • Security Vulnerabilities: Shared API keys creating audit and compliance issues
  • Poor User Experience: No visibility into usage limits or remaining budgets
  • Operational Complexity: Managing multiple provider APIs without unified controls
This guide demonstrates how to build production-ready AI features that give your customers flexibility while maintaining enterprise-grade control and predictability.

What You’ll Build

This architecture enables:
  • Individual Usage Controls: Per-customer API keys with configurable limits
  • Dynamic Model Access: Customers see only authorized models based on their subscription tier
  • Real-time Budget Management: Automatic enforcement of spending caps
  • Comprehensive Observability: Usage analytics at customer, account, and platform levels
  • Provider Abstraction: Single API interface across OpenAI, Anthropic, Google, and more

Architecture Overview

The solution uses Portkey as an intelligent gateway between your application and LLM providers: The architecture provides three key abstraction layers:
  1. Customer Layer: Your application issues individual API keys to customers
  2. Gateway Layer: Portkey handles routing, validation, and enforcement
  3. Provider Layer: Your LLM credentials remain secure and centralized

Prerequisites

Before implementing this solution, ensure you have:
  • Portkey account with admin/owner role on organization access
  • API credentials from your chosen LLM providers

Step 1: Establishing Organizational Structure

Understanding the Hierarchy

Before diving into configuration, let’s understand how Portkey organizes access control. The platform uses a three-tier hierarchy that maps naturally to business structures:
Why this structure?
  • Organization: Sets platform-wide policies and defaults
  • Workspaces: Groups customers with similar needs (e.g., all Enterprise customers)
  • API Keys: Individual access points with customer-specific limits

Configuring Organization Settings

We will first start with first setting up some organisation properites for Portkey. Navigate to your organization settings to establish platform-wide rules.
Organization settings page

A. Metadata Schema Enforcement

What is Metadata? Metadata in Portkey is custom key-value pair attached to every AI request. Think of it as tags that help you track who’s using AI, how they’re using it, and what it’s costing you. This becomes crucial when you have thousands of customers making millions of requests. For example, metadata helps you answer questions like:
  • Which customer made this request?
  • What feature in your app triggered it?
  • Which subscription tier should be billed?
  • What was the user trying to accomplish?

Learn About Metadata

Deep dive into metadata configuration and best practices
Define required metadata fields for subscription_tier:
This schema ensures every API key created has proper tagging for cost allocation and compliance.

Step 2: Workspace Design for Customer Segmentation

Creating Customer Workspaces

Workspaces are containers that group customers with similar characteristics. Let’s create workspaces for different customer tiers: To create a new workspace:
  1. Click on your current workspace name in the sidebar
  2. Click ”+ Add Workspace”
  3. Configure the workspace with appropriate settings
Workspace creation interface
For each workspace, configure:
Create three workspaces (for example):
  • workspace-enterprise - For your highest-tier customers
  • workspace-professional - For mid-tier customers
  • workspace-starter - For entry-level customers

Step 3: Connecting AI Providers

Creating Provider Integrations

Integrations securely store your provider credentials while enabling controlled access. Think of them as secure vaults that your workspaces can access without ever exposing the actual API keys.

Learn About Integrations

Complete guide to managing AI provider integrations
OpenAI integration setup
Set up your primary provider:
  1. Navigate to IntegrationsCreate New Integration
  2. Select your AI provider (e.g., OpenAI)
  3. Configure the integration:

Workspace Provisioning

When creating the integration, configure which workspaces can access it and set appropriate budget and rate limits for your integration:
Workspace provisioning with tier-based access
For each workspace, click the edit icon to configure:

Model Provisioning

Define which models your integration can access:
Model provisioning interface
Configure model access strategically by tier:

Model Rules with Guardrails (Advanced)

For fine-grained control over model access based on metadata, use Portkey’s Guardrails feature:
  1. Navigate to GuardrailsModel Rule Guardrail
  2. Create a new guardrail with your routing rules:
  1. Attach the guardrail at the workspace level by going to Workspace Control
  2. Alternatively, attach it to individual API keys using configs

Learn About Guardrails

Explore content filtering, PII detection, and model routing rules

Step 4: Customer API Key Management with Budget Limits and Metadata

Programmatic Key Generation

Now let’s create individual API keys for your customers. Each customer gets their own key with specific budget and rate limits:
You need to use Admin API key here and not Workspace API key. You can find it on Admin settings -> API Keys

Step 5: Customer-Facing Integration

Dynamic Model Discovery

Provide customers with real-time access to their available models:

Real-Time Usage Display

Show customers their usage and remaining budget:
Budget and usage display

Step 6: Observability and Analytics

Accessing Analytics

Portkey provides comprehensive analytics at multiple levels. Access your analytics dashboard to monitor:
Key Metrics to Track:
  • Total requests by customer tier
  • Cost distribution across models
  • Error rates and types
  • Peak usage times
  • Customer usage patterns

Conclusion

You’ve successfully built a multi-tenant AI infrastructure that provides:
  • Individual customer control with per-user API keys and budgets
  • Tiered access to models based on subscription levels
  • Automatic enforcement of spending and rate limits
  • Complete visibility into usage patterns and costs
  • Enterprise security with encrypted keys and audit trails
Your customers get powerful AI capabilities with transparent limits. Your business gets predictable costs and complete control. Your engineering team gets a simple, maintainable solution.

Next Steps

Explore these related resources to get the most out of your private LLM integration:

Universal API

Adding Metadata

Gateway Configs

Request Tracing

Additional Resources


For support and questions, contact support@portkey.ai or visit our documentation
Last modified on September 9, 2025