Hacker News
Ask HN: How to manage AI APIs for SaaS application?
4 points by sbinnee 1 day ago | 5 comments
I want to build an AI app. My idea is to support BYOK (bring your own key) or to manage one API key for each user.

What are the solutions to issue a lot of API keys for commercial apps? I would love to hear from the community.


I did this with AWS KMS. I had a root key that encrypted & decrypted data keys, which were unique for each customer. Those data keys then encrypted & decrypted sensitive customer info. So-called envelope encryption.
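
The envelope-encryption layout described in the comment above, as an added example that is not part of the thread or the commenter's code. It assumes a local 32-byte root key standing in for the KMS-held root key (with AWS KMS the wrap and unwrap steps would be `GenerateDataKey` and `Decrypt` calls); the function names, record layout and sample values are constructed for illustration.

```ruby
require "openssl"

# Added example: a local 32-byte root key stands in for the KMS-held root key.
Record = Struct.new(:wrapped_key, :secret) # what the database stores per customer

# AES-256-GCM; returns nonce (12) || tag (16) || ciphertext. aad is authenticated, not stored.
def seal(key, plaintext, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = aad
  ciphertext = c.update(plaintext) + c.final
  nonce + c.auth_tag + ciphertext
end

def unseal(key, box, aad)
  raise ArgumentError, "truncated ciphertext" if box.bytesize <= 28
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = box.byteslice(0, 12)
  d.auth_tag = box.byteslice(12, 16)
  d.auth_data = aad
  d.update(box.byteslice(28..)) + d.final # raises CipherError if anything was altered
end

# Fresh data key per customer; the customer ID as AAD ties both layers to that tenant.
def store_api_key(root_key, customer_id, api_key)
  data_key = OpenSSL::Random.random_bytes(32)
  Record.new(seal(root_key, data_key, customer_id), seal(data_key, api_key, customer_id))
end

def fetch_api_key(root_key, customer_id, record)
  data_key = unseal(root_key, record.wrapped_key, customer_id)
  unseal(data_key, record.secret, customer_id).force_encoding("UTF-8")
end

# Root-key rotation re-wraps only the 32-byte data key; the stored secret is untouched.
def rewrap(old_root, new_root, customer_id, record)
  data_key = unseal(old_root, record.wrapped_key, customer_id)
  Record.new(seal(new_root, data_key, customer_id), record.secret)
end

if __FILE__ == $PROGRAM_NAME
  root = OpenSSL::Random.random_bytes(32)
  rec = store_api_key(root, "cust-42", "sk-constructed-example") # constructed sample values
  puts fetch_api_key(root, "cust-42", rec)
end
```

Binding the customer ID as associated data means a record copied onto another tenant's row fails to decrypt instead of silently handing over the wrong key.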

I've used LiteLLM for my 1k-user service https://LibreThinker.com. Works okay-ish, but some vendors now default to MFA on API keys (e.g. OpenAI), which makes things tricky; I decided to simply let those fail for now.

I am a bit familiar with LiteLLM. Do you proxy server?

BYOK is becoming more common for AI SaaS. Interested to know how people handle rate limiting and key security at scale.

Honestly the API key part ended up being the easy part for me.

The messy stuff was abuse prevention, retries/fallbacks, and sudden cost spikes once real users started using different workflows.
