Enterprise capability

Per-Member Budgets & Developer Role

Give every teammate guard rails, not the whole wallet

Everyone in an organization used to draw from one pool of credits with no per-person guard rails — one over-eager script could spend the whole team's budget. Per-Member Budgets give each member their own: cap how many API keys they can have active at once, their lifetime spend across all keys, and their spend per rolling hour, day, week, or month. The gateway enforces the caps at request time across chat, embeddings, OCR, speech, and video — an over-budget request is rejected with a 403 before it reaches a provider, and key creation past the cap fails with a clear 400. Org-wide default developer limits cover every developer without a personal override, and each member sees their remaining allowance on their own dashboard. The Developer role completes the picture: it grants access to exactly the projects you pick and nothing else, with a minimal dashboard scoped to the member's own usage and keys — pair it with default limits and a contractor is productive, and capped, in one invite. Spend against each cap is visible per member on the Team page alongside Organization-Wide Analytics.

In the dashboard

The real UI, with sample data

The same components your team gets in the dashboard — switch the Cost / Requests / Tokens tabs below. Numbers are illustrative.

Organization → TeamMock data

Default developer limits

Applied to every developer without a personal override

$100.00 total$25.00/week3 keys
NameRoleProjectsLimitsCostTokensRequestsAPI keysActions
Amira Haddad
amira@acme.dev
ownerAll projects$4,812.40625,612,3002,021,2086
Jonas Weber
jonas@acme.dev
adminAll projects$2,304.11299,534,410967,7264
Priya Sharma
priya@acme.dev
developer
Production API
$500.00/month3 keys
$412.8653,671,800173,4013
Marco Rossi
marco@acme.dev
developer
Support ChatbotResearch & Evals
$250.00/week2 keys
$189.4424,627,20079,5652
Lena Fischer
lena@contractor.io
developer
Research & Evals
$100.00 total$10.00/day1 key
$96.1012,493,00040,3621

Enforced at request time

An over-budget request is rejected before it reaches a provider.

POST /v1/chat/completions
403 Member has reached their total spend budget.

Why teams turn it on

Enforced at request time

Spend caps are checked in the gateway on every request — chat, embeddings, OCR, speech, and video. Over-budget requests return a 403 before any data reaches a provider.

Three kinds of cap

Max active API keys, lifetime spend across all of a member's keys, and period spend per rolling hour, day, week, or month.

Default developer limits

Set org-wide defaults that cover every developer without a personal override. Members see their remaining allowance on their own dashboard.

Project-scoped Developer role

Developers get exactly the projects you pick and a minimal dashboard with their own usage and keys — the rest of the org UI stays out of reach.

How it works

From decision to deployed in three short steps

  1. 01

    Open Organization → Team

    Invites, roles, and budgets live on one page. Enterprise admins also see per-member cost, tokens, requests, and API-key columns.

  2. 02

    Set budgets and defaults

    Use Manage budget on any row for personal caps, or set org-wide default developer limits that cover everyone without an override.

  3. 03

    Scope with the Developer role

    Assign Developer and pick the member's projects. An info card next to the role picker spells out exactly what Owner, Admin, and Developer can do.

json

Key usage and reset times in the API

{
  "usageLimit": "100",
  "usage": "42.13",
  "periodUsageLimit": "10",
  "currentPeriodUsage": "3.20",
  "currentPeriodResetAt": "2026-07-04T00:00:00.000Z"
}

Real-world use cases

Why customers actually adopt this

01

Contractors in one invite

Invite with the Developer role, scope them to one project, and let default limits cap their spend — productive and contained from day one.

02

Runaway-script protection

A rolling daily cap means an agent loop gone wrong stops at the member's limit instead of draining the team's credits overnight.

03

Per-person accountability

Admins see each member's cost, tokens, requests, and key count on the Team page — spend against each cap, per person.

Frequently asked

What happens when a member hits their cap?
Requests are rejected with a 403 ("Member has reached their total spend budget.") before reaching a provider, and creating a key past the max-active-keys cap fails with a clear 400.
Which plans include this?
Per-member budgets are available to admins on every plan. The project-scoped Developer role and per-member cost columns on the Team page are Enterprise features.
Can platforms see a key's remaining headroom?
Yes — the Master Keys API and the payments SDK's getBalance() report consumed usage next to the configured limits, including when the current window resets.

More enterprise capabilities

The rest of the enterprise stack

Organization-Wide Analytics

Cost, requests, and tokens totaled across every project, with breakdowns by model, project, API key, and member. Built on pre-aggregated rollups, so any date range stays fast.

Enterprise Audit Logs

Tamper-evident audit trails for SOC 2, HIPAA, ISO 27001, and internal investigations. Every config change, key rotation, and admin action — captured, attributed, exportable.

Per-Project Routing Overrides

Override global routing rules at the project level — region, provider order, fallback chain, and cost ceilings. Production stays pinned; experimental teams stay flexible.

Enterprise Guardrails

Server-side detection for prompt injection, PII, secrets, and policy violations. Configured centrally, enforced at the gateway, auditable per-request.

Discord & Slack Alerts

Native webhook integrations for Discord and Slack. Get the enterprise contact-sales form, billing events, guardrail trips, and SLA breaches in the channels your team already monitors.

Single Sign-On (SAML / OIDC)

SAML 2.0 and OIDC SSO with SCIM provisioning, group-based role mapping, and enforced-only access. No local credentials, no shared passkeys, no off-boarding gaps.

White-Label Chat & Playground

Embed or stand up a fully white-labeled chat app and playground under your own domain. Customize branding, default models, system prompts, and feature toggles.

Provider Compliance Policies

Define the certifications and data policies your providers must meet — SOC 2, ISO 27001, GDPR, no prompt training, no prompt logging — and the gateway refuses to route to anything that doesn't qualify.

See per-member budgets & developer role on your real workloads

Bring a sample workload to a 30-minute call. We'll wire it up live and show you the actual experience your team will get.