This guide will help you implement enterprise-grade security, observability, and governance for OpenWebUI using Portkey. While OpenWebUI supports various provider plugins, Portkey provides a unified interface for all your LLM providers, offering comprehensive features for model management, cost tracking, observability, and metadata logging.

For IT administrators deploying centralized instances of OpenWebUI, Portkey enables essential enterprise features including usage tracking, access controls, and budget management. Let’s walk through implementing these features step by step.

Understanding the Implementation

When implementing Portkey with OpenWebUI in your organization, we’ll follow these key steps:

Basic OpenWebUI integration with Portkey
Setting up organizational governance using Virtual Keys and Configs
Managing user access and permissions

If you’re an individual user just looking to use Portkey with OpenWebUI, you only need to complete Steps 1 and 2 to get started.

1. Basic Integration

Let’s start by integrating Portkey with your OpenWebUI installation. This integration uses OpenWebUI’s pipeline functionality to route all requests through Portkey’s Platform.

Installing the Portkey Plugin

Start your OpenWebUI server
Navigate to Workspace and then go to the Functions section
Click on the + button in UI
Copy and paste the Portkey plugin code

2. Setting Up Portkey Pipeline

To use OpenWebUI with Portkey, you’ll need to configure three key components:

Portkey API Key: Get your Portkey API key from here. You’ll need this for authentication with Portkey’s services.

Virtual Keys: Virtual Keys are Portkey’s secure way to manage your LLM provider API keys. They provide essential controls like:

Budget limits for API usage
Rate limiting capabilities
Secure API key storage

Craeate a Virtual Key in your Portkey dashboard and save it for future use.

For detailed information on budget limits, refer to this documentation

Using Configs (Optional): Configs in Portkey enhance your implementation with features like advanced routing, fallbacks, and retries. Here’s a simple config example that implements 5 retry attempts on server errors:

{
    "retry": {
        "attempts": 5
    },
    "virtual_key": "virtual-key-xxx"
}

You can create and store these configs in Portkey’s config library. This can later be accessed on using the Config Slug in Open WebUI.

Configs are highly flexible and can be customized for various use cases. Learn more in our Configs documentation.

3. Configure Pipeline Variables

The pipeline setup involves configuring both credentials and model access in OpenWebUI.

Credentials Setup:

In OpenWebUI, navigate to Workspace → Functions
Click the Valves button to open the configuration interface
Add the following credentials:
- Your Portkey API Key
- Config slug (if using Configs)
- Base URL (only needed for Open Source Gateway users)

Model Configuration

In the Functions section, click the ... button and select Edit
Find the virtual keys JSON object in the Portkey function code

Update it with your virtual keys:

"virtual_keys": {
    "openai": "YOUR_OPENAI_VIRTUAL_KEY",
    "anthropic": "YOUR_ANTHROPIC_VIRTUAL_KEY"
}

Configure model names in the pipe function in this format:

 {
     "id": "provider_slug_from_portkey/model_id_from_provider", // syntax for ID
     "name": "provider_slug_from_portkey/model_id_from_provider", // for easier navigation
 }

Example:

    {
        "id": "openai/gpt-4o",
        "name": "openai/gpt-4o",
    }

Make sure you use the correct provider slug from Portke docs. Ex: perplexity-ai is correct. perplexity is wrong

5. Save your changes

4. Set Up Enterprise Governance for OpenWebUI

Why Enterprise Governance? If you are using OpenWeb UI inside your orgnaization, you need to consider several governance aspects:

Cost Management: Controlling and tracking AI spending across teams
Access Control: Managing which teams can use specific models
Usage Analytics: Understanding how AI is being used across the organization
Security & Compliance: Maintaining enterprise security standards
Reliability: Ensuring consistent service across all users

Portkey adds a comprehensive governance layer to address these enterprise needs. Let’s implement these controls step by step.

Enterprise Implementation Guide

Step 2: Define Model Access Rules

As your AI usage scales, controlling which teams can access specific models becomes crucial. Portkey Configs provide this control layer with features like:

Access Control Features:

Model Restrictions: Limit access to specific models
Data Protection: Implement guardrails for sensitive data
Reliability Controls: Add fallbacks and retry logic

Example Configuration:

Here’s a basic configuration to route requests to OpenAI, specifically using GPT-4o:

{
	"strategy": {
		"mode": "single"
	},
	"targets": [
		{
			"virtual_key": "YOUR_OPENAI_VIRTUAL_KEY",
			"override_params": {
				"model": "gpt-4o"
			}
		}
	]
}

Create your config on the Configs page in your Portkey dashboard. You’ll need the config ID for connecting to OpenWeb UI’s setup.

Configs can be updated anytime to adjust controls without affecting running applications.

Step 3: Implement Access Controls

Create User-specific API keys that automatically:

Track usage per user/team with the help of virtual keys
Apply appropriate configs to route requests
Collect relevant metadata to filter logs
Enforce access permissions

Create API keys through:

Example using Python SDK:

from portkey_ai import Portkey

portkey = Portkey(api_key="YOUR_ADMIN_API_KEY")

api_key = portkey.api_keys.create(
    name="engineering-team",
    type="organisation",
    workspace_id="YOUR_WORKSPACE_ID",
    defaults={
        "config_id": "your-config-id",
        "metadata": {
            "environment": "production",
            "department": "engineering"
        }
    },
    scopes=["logs.view", "configs.read"]
)

For detailed key management instructions, see our API Keys documentation.

Enterprise Features Now Available

OpenWeb UI now has:

Departmental budget controls
Model access governance
Usage tracking & attribution
Security guardrails
Reliability features

Portkey Features

Now that you have enterprise-grade Zed setup, let’s explore the comprehensive features Portkey provides to ensure secure, efficient, and cost-effective AI operations.

1. Comprehensive Metrics

Using Portkey you can track 40+ key metrics including cost, token usage, response time, and performance across all your LLM providers in real time. You can also filter these metrics based on custom metadata that you can set in your configs. Learn more about metadata here.

2. Advanced Logs

Portkey’s logging dashboard provides detailed logs for every request made to your LLMs. These logs include:

Complete request and response tracking
Metadata tags for filtering
Cost attribution and much more…

3. Unified Access to 1600+ LLMs

You can easily switch between 1600+ LLMs. Call various LLMs such as Anthropic, Gemini, Mistral, Azure OpenAI, Google Vertex AI, AWS Bedrock, and many more by simply changing the virtual key in your default config object.

4. Advanced Metadata Tracking

Using Portkey, you can add custom metadata to your LLM requests for detailed tracking and analytics. Use metadata tags to filter logs, track usage, and attribute costs across departments and teams.

Custom Metata

5. Enterprise Access Management

Budget Controls

Set and manage spending limits across teams and departments. Control costs with granular budget limits and usage tracking.

Single Sign-On (SSO)

Enterprise-grade SSO integration with support for SAML 2.0, Okta, Azure AD, and custom providers for secure authentication.

Organization Management

Hierarchical organization structure with workspaces, teams, and role-based access control for enterprise-scale deployments.

Access Rules & Audit Logs

Comprehensive access control rules and detailed audit logging for security compliance and usage tracking.

6. Reliability Features

Fallbacks

Automatically switch to backup targets if the primary target fails.

Conditional Routing

Route requests to different targets based on specified conditions.

Load Balancing

Distribute requests across multiple targets based on defined weights.

Caching

Enable caching of responses to improve performance and reduce costs.

Smart Retries

Automatic retry handling with exponential backoff for failed requests

Budget Limits

Set and manage budget limits across teams and departments. Control costs with granular budget limits and usage tracking.

7. Advanced Guardrails

Protect your Project’s data and enhance reliability with real-time checks on LLM inputs and outputs. Leverage guardrails to:

Prevent sensitive data leaks
Enforce compliance with organizational policies
PII detection and masking
Content filtering
Custom security rules
Data compliance checks

Guardrails

Implement real-time protection for your LLM interactions with automatic detection and filtering of sensitive content, PII, and custom security rules. Enable comprehensive data protection while maintaining compliance with organizational policies.

FAQs

Next Steps

Join our Community

For enterprise support and custom features, contact our enterprise team.

Ecosystem

LLMs

Vector Databases

Agents

Libraries

​Understanding the Implementation

​1. Basic Integration

​2. Setting Up Portkey Pipeline

​3. Configure Pipeline Variables

​4. Set Up Enterprise Governance for OpenWebUI

Step 1: Implement Budget Controls & Rate Limits

Setting Up Department-Specific Controls: