Skip to content

Docs / BYOK

BYOK — Bring Your Own Key

Bring your own model key. We orchestrate; you own the inference bill.

BYOK — Bring Your Own Key

developerz.ai is a thin orchestrator. We never proxy or resell inference tokens. You connect your own API key from Anthropic, OpenAI, or Google Gemini. Your key goes directly to the provider; we are not in the call path.

Why BYOK?

  • Cost transparency — your provider invoice shows exactly what the agent spent. No markup, no hidden per-seat token fees.
  • Model choice — pick the model that matches your cost/quality needs. Swap at any time without changing your policy file.
  • Data residency — your code and issue text go directly to the provider you chose under your own account's data-handling terms.
  • No vendor lock-in to us — if you stop using developerz.ai, your key and your data stay with the provider.

Supported providers

Provider Models
Anthropic claude-opus-4, claude-sonnet-4, claude-haiku-4 (and later versions)
OpenAI gpt-4o, gpt-4o-mini, o3, o4-mini
Google Gemini gemini-2.5-pro, gemini-2.5-flash

The model list is updated as providers release new versions. Check the dashboard for the current model picker.

Adding your key

  1. Open the dashboard and go to Settings → Model keys.
  2. Choose your provider and paste your API key.
  3. Click Save. The key is encrypted with AES-256-GCM before being stored; the plaintext is never written to disk or logs after the initial save.
  4. Select the key in your repository's Settings → Model dropdown.

You can add multiple keys (one per provider) and choose per-repository which key to use.

Key storage and security

  • Keys are stored encrypted at rest (AES-256-GCM, unique IV per row).
  • Keys are decrypted in memory only at the moment the agent needs to make an API call.
  • Keys are never logged, never included in audit events, and never sent to any third party other than the selected provider.
  • Key access is scoped to your account. GitHub App installation tokens cannot read keys.
  • See the security doc for the full threat model.

Usage limits

You can set soft spending limits and hard caps in the dashboard:

Limit Description
Monthly budget Soft alert at 80% of your configured monthly spend.
Per-session cap Maximum LLM steps per agent session (default: limits.max_steps_per_session: 50 in .maintainer.yml).
Rate cap Maximum API calls per minute, to avoid burst charges.

When a hard cap is hit the agent parks the current session and logs the reason. No partial work is silently abandoned — the audit log shows exactly where the session stopped.

Rotating your key

  1. Generate a new key in your provider's dashboard.
  2. Paste the new key in Settings → Model keys → Edit.
  3. Click Save. The new key takes effect for all subsequent agent sessions.
  4. Revoke the old key in your provider's dashboard.

There is no downtime during rotation — in-flight sessions complete with the old key; new sessions use the new key.