See and control every AI dollar your company spends.
Cap spend, route to cheaper models, and attribute every AI request across every provider, with one API.
Works with every major provider
See the waste, and watch it get cut.
Every AI request is metered the instant it runs. Byoky shows would-be spend, what it cut, and how much you actually saved, in real dollars against a real baseline.
Change one line. Route through Byoky.
Point any OpenAI-compatible client at our URL with a scoped byk_ key. Every request now flows through budgets, policy, and optimization — no rewrite, no migration.
import OpenAI from 'openai';
const client = new OpenAI({
- baseURL: 'https://api.openai.com/v1', // straight to the provider
+ baseURL: 'https://api.byoky.com/v1', // route through Byoky
apiKey: process.env.BYOKY_KEY, // a byk_ key, not the raw one
});Gemini · +10
Works with the OpenAI & Anthropic SDKs, LangChain, the Vercel AI SDK, or curl. Your real provider keys stay sealed server-side. And if Byoky is ever unreachable, the SDK fails open straight to the provider — so it's a reliability upgrade, never a new point of failure.
Everything runs through it, and you see all of it.
Spend caps, like corporate cards.
Issue a monthly cap to any team, app, or agent. Alert at a threshold, hard-stop with a 402 at the limit.
- Per team / app / agent
- Alert, then block at cap
- Live spend, not month-end
Guardrails that enforce themselves.
Model allow/deny lists, auto-stop on spend spikes, and a loop kill-switch for runaway agents. Every request gets a verdict.
- Model allow / deny
- Auto-stop on spend spikes
- Loop kill-switch for agents
Every request, attributable.
Break spend down by user, app, model, cost, latency, and verdict. Searchable, without handing any app a raw provider key.
- Who / what / which model
- Cost + latency on every call
- Opt-in, PII-redacted prompts
Stop a runaway agent cold.
Pause any agent instantly, or let auto-stop trip it on a spike or loop. Your team is pinged; resume with one click.
- Instant 403 at the gateway
- Fires automatically + alerts
- One-click resume
Byoky pays for itself on day one.
You see exactly where the money goes — then Byoky tells you where it's being wasted and fixes it. Over-powered models, uncached traffic, agents burning loops, uncapped teams. Every recommendation is a real dollar figure, computed from your actual usage. Apply the fix in one click.
- Savings measured against a real no-Byoky baseline — no vanity math.
- Routing is opt-in and reversible — you approve each model swap, and a pinned model is never silently downgraded.
- One-click apply: enable a cheaper route or set a cap, right from the alert.
Every employee gets AI. You keep control.
Not just a developer gateway — a company-wide access rail for humans and agents, on every provider and device.
Request
Any employee browses the model/app catalog and requests access — in the console or Slack.
Approve
Routed to the right approver by role. Auto-approve the safe stuff instantly.
Granted
A scoped key is minted inside their team’s budget and policy — working in seconds.
Lifecycle
Auto-provision on hire via your IdP; revoke every key, grant, and budget on offboard.
The controls security and IT ask for — already built in.
SSO & RBAC
OIDC login (Google/Microsoft/Okta) with scoped roles — owner, admin, finance, security, member.
Tenant isolation
Postgres row-level security enforces org boundaries at the database, not just in app code.
Sealed credentials
Provider keys are KMS-envelope encrypted per org. Apps carry scoped byk_ keys, never the real thing.
Immutable audit
Every budget, policy, key, and access change logged — who, when, what. Prompt capture is opt-in and PII-redacted.
Fail-open
On an outage, requests degrade straight to the provider. Byoky is a reliability upgrade, never a single point of failure.
Kill-switch
Pause any agent instantly — or let auto-stop do it on a spend spike or loop, and alert your team.
A gateway shows you spend. Byoky controls it.
Most tools are either an LLM gateway (routing + logs) or a FinOps dashboard (read-only reports). Byoky is the control plane that does both — and enforces.
| Byoky | LLM gateways | FinOps dashboards | |
|---|---|---|---|
| OpenAI-compatible gateway | ✓ | ✓ | — |
| Budgets that hard-stop spend | ✓ | partial | read-only |
| Policy + auto-stop + agent kill-switch | ✓ | partial | — |
| Company-wide access management (SSO, requests, JML) | ✓ | — | — |
| Cost optimization + one-click fixes | ✓ | partial | insights only |
| Keys sealed server-side (KMS), never in your app | ✓ | partial | — |
| Fails open — never a new point of failure | ✓ | — | n/a |
| Fee model | 2% of spend | per-seat / token markup | per-seat |
| Self-hostable + open source | ✓ | partial | — |
Comparison reflects common capabilities in each category, not any single named product. Bring your own shortlist — we'll map it honestly.
No lock-in. No black box. No new SPOF.
Open source
The full stack is on GitHub, MIT-licensed. Read the code that touches your keys.
Self-hostable
Run it in your own cloud with your own KMS and IdP. Your data never has to leave.
Your keys, your accounts
You keep paying providers directly on your own committed-use discounts. We never resell tokens.
Fails open
If Byoky is down, requests go straight to the provider. Adopting it can’t make you less reliable.
The free on-device wallet.
Individuals and side projects can start bottoms-up: a keys-never-leave-device wallet for Chrome, Firefox, iOS, and Android. When your team's ready, upgrade to the control plane.