Per-Member Budgets & Developer Role
Give every teammate guard rails, not the whole wallet
Everyone in an organization used to draw from one pool of credits with no per-person guard rails — one over-eager script could spend the whole team's budget. Per-Member Budgets give each member their own: cap how many API keys they can have active at once, their lifetime spend across all keys, and their spend per rolling hour, day, week, or month. The gateway enforces the caps at request time across chat, embeddings, OCR, speech, and video — an over-budget request is rejected with a 403 before it reaches a provider, and key creation past the cap fails with a clear 400. Org-wide default developer limits cover every developer without a personal override, and each member sees their remaining allowance on their own dashboard. The Developer role completes the picture: it grants access to exactly the projects you pick and nothing else, with a minimal dashboard scoped to the member's own usage and keys — pair it with default limits and a contractor is productive, and capped, in one invite. Spend against each cap is visible per member on the Team page alongside Organization-Wide Analytics.
In the dashboard
The real UI, with sample data
The same components your team gets in the dashboard — switch the Cost / Requests / Tokens tabs below. Numbers are illustrative.
Default developer limits
Applied to every developer without a personal override
| Name | Role | Projects | Limits | Cost | Tokens | Requests | API keys | Actions |
|---|---|---|---|---|---|---|---|---|
Amira Haddad amira@acme.dev | owner | All projects | — | $4,812.40 | 625,612,300 | 2,021,208 | 6 | |
Jonas Weber jonas@acme.dev | admin | All projects | — | $2,304.11 | 299,534,410 | 967,726 | 4 | |
Priya Sharma priya@acme.dev | developer | Production API | $500.00/month3 keys | $412.86 | 53,671,800 | 173,401 | 3 | |
Marco Rossi marco@acme.dev | developer | Support ChatbotResearch & Evals | $250.00/week2 keys | $189.44 | 24,627,200 | 79,565 | 2 | |
Lena Fischer lena@contractor.io | developer | Research & Evals | $100.00 total$10.00/day1 key | $96.10 | 12,493,000 | 40,362 | 1 |
Enforced at request time
An over-budget request is rejected before it reaches a provider.
POST /v1/chat/completions 403 Member has reached their total spend budget.
Why teams turn it on
Enforced at request time
Spend caps are checked in the gateway on every request — chat, embeddings, OCR, speech, and video. Over-budget requests return a 403 before any data reaches a provider.
Three kinds of cap
Max active API keys, lifetime spend across all of a member's keys, and period spend per rolling hour, day, week, or month.
Default developer limits
Set org-wide defaults that cover every developer without a personal override. Members see their remaining allowance on their own dashboard.
Project-scoped Developer role
Developers get exactly the projects you pick and a minimal dashboard with their own usage and keys — the rest of the org UI stays out of reach.
How it works
From decision to deployed in three short steps
- 01
Open Organization → Team
Invites, roles, and budgets live on one page. Enterprise admins also see per-member cost, tokens, requests, and API-key columns.
- 02
Set budgets and defaults
Use Manage budget on any row for personal caps, or set org-wide default developer limits that cover everyone without an override.
- 03
Scope with the Developer role
Assign Developer and pick the member's projects. An info card next to the role picker spells out exactly what Owner, Admin, and Developer can do.
json
Key usage and reset times in the API
{
"usageLimit": "100",
"usage": "42.13",
"periodUsageLimit": "10",
"currentPeriodUsage": "3.20",
"currentPeriodResetAt": "2026-07-04T00:00:00.000Z"
}Real-world use cases
Why customers actually adopt this
Contractors in one invite
Invite with the Developer role, scope them to one project, and let default limits cap their spend — productive and contained from day one.
Runaway-script protection
A rolling daily cap means an agent loop gone wrong stops at the member's limit instead of draining the team's credits overnight.
Per-person accountability
Admins see each member's cost, tokens, requests, and key count on the Team page — spend against each cap, per person.
Frequently asked
- What happens when a member hits their cap?
- Requests are rejected with a 403 ("Member has reached their total spend budget.") before reaching a provider, and creating a key past the max-active-keys cap fails with a clear 400.
- Which plans include this?
- Per-member budgets are available to admins on every plan. The project-scoped Developer role and per-member cost columns on the Team page are Enterprise features.
- Can platforms see a key's remaining headroom?
- Yes — the Master Keys API and the payments SDK's getBalance() report consumed usage next to the configured limits, including when the current window resets.
More enterprise capabilities
The rest of the enterprise stack
Organization-Wide Analytics
Cost, requests, and tokens totaled across every project, with breakdowns by model, project, API key, and member. Built on pre-aggregated rollups, so any date range stays fast.
Enterprise Audit Logs
Tamper-evident audit trails for SOC 2, HIPAA, ISO 27001, and internal investigations. Every config change, key rotation, and admin action — captured, attributed, exportable.
Per-Project Routing Overrides
Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.
Enterprise Guardrails
Server-side detection for prompt injection, PII, secrets, and policy violations. Configured centrally, enforced at the gateway, auditable per-request.
Discord & Slack Alerts
Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.
Single Sign-On (SAML / OIDC)
SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.
White-Label Chat & Playground
Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.
Provider Compliance Policies
Define the certifications and data policies your providers must meet — SOC 2, ISO 27001, GDPR, no prompt training, no prompt logging — and the gateway refuses to route to anything that doesn't qualify.
See per-member budgets & developer role on your real workloads
Bring a sample workload to a 30-minute call. We'll wire it up live and show you the actual experience your team will get.