Bring Your Own Key (BYOK) is a pricing model where customers use their own API keys from a third-party service (like an LLM provider) within your application. Instead of you reselling the third-party service and charging for usage, the customer is billed directly by the provider, while you charge a separate fee for your platform’s value-added features.
This model effectively separates the cost of your software from the variable, and often unpredictable, cost of generative AI usage. It’s a strategic approach that reduces financial risk for you and provides cost transparency for your customers, making it particularly popular for AI and machine learning-based SaaS products.
The BYOK workflow involves a clear division of responsibilities between your platform, your customer, and the third-party service provider (e.g., OpenAI, Anthropic, or Google).
Here’s a breakdown of the typical flow:
- Customer provides key: The customer signs into your application, navigates to an integrations or settings panel, and securely inputs their API key from their chosen LLM provider.
- Platform stores key securely: Your application encrypts and stores the key in a secure vault, associating it with the customer’s account. It should never be stored in plain text or exposed in logs.
- Application makes requests: When the customer uses a feature that requires the LLM, your backend retrieves their specific key and uses it to make API calls to the provider on their behalf.
- Provider bills the customer: The LLM provider (e.g., OpenAI) sees the request coming from the customer’s unique key and bills their account directly for the tokens used.
- Platform bills for its service: Separately, you charge the customer your platform fee. This is typically a recurring subscription fee for access to your software’s features, user interface, and support.
This creates two distinct billing relationships for the customer: one with you for the platform, and one with the LLM provider for model usage.
For companies building on top of large language models, the BYOK model addresses several critical challenges related to cost, transparency, and enterprise adoption. It allows you to focus on your core product value without becoming a reseller of a volatile, high-cost service.
Key benefits include:
- Reduces financial risk: You don’t have to carry the financial burden of unpredictable and potentially massive pass-through costs from LLM providers. This eliminates the risk of a single customer’s usage spike resulting in a huge, unpaid bill.
- Unlocks enterprise adoption: Large enterprises often have negotiated custom pricing, dedicated instances, or specific security terms with major AI providers. BYOK allows them to leverage these existing agreements within your product.
- Increases cost transparency: Customers see exactly what they’re paying for model usage directly from the source. This builds trust and removes the fear of hidden markups or opaque pricing tiers.
- Eliminates usage ceilings: Without the need to impose your own usage limits to control costs, you can offer more generous or even unlimited access to your platform’s features, encouraging deeper engagement.
Implementing a BYOK model requires careful consideration of security, user experience, and legal terms. A poorly designed system can frustrate users and create security risks.
Here are some best practices to follow.
The security of your customers’ API keys is paramount. A leaked key can lead to significant financial damage and loss of trust.
- Use a dedicated secrets manager: Store all API keys in a secure, encrypted vault like AWS Secrets Manager, Google Secret Manager, or HashiCorp Vault.
- Encrypt at rest and in transit: Ensure keys are encrypted both when stored and when being transmitted between your services.
- Implement strict access controls: Only allow specific, authorized services to retrieve and use the keys. Never expose them to client-side applications.
- Validate keys on entry: When a user submits a key, make a simple, low-cost test call (e.g., listing available models) to confirm it’s valid and has the right permissions. Provide clear feedback if the validation fails.
Many platforms benefit from offering both a standard (vendor-billed) model for simplicity and a BYOK model for advanced or enterprise users. The user experience for switching between these modes should be seamless.
- Provide a clear choice: In your billing or settings section, use a simple toggle or radio button to let users choose between “Vendor-Billed” and “Bring Your Own Key” modes.
- Conditional UI for key entry: Only show the API key input form if the user has selected the BYOK option.
- Communicate the consequences: Use helper text to clearly explain what happens when they switch. For example: “In BYOK mode, you will be billed directly by your LLM provider for all model usage. Our platform fee covers access to all features.”
- Graceful error handling: If an API call fails due to an issue with the customer’s key (e.g., revoked, out of funds, rate limited), your application should detect this and present a clear, actionable error message.
Your terms of service should be updated to reflect the responsibilities of each party in a BYOK model.
- Customer responsibility for costs: State clearly that the customer is solely responsible for all charges incurred on their provided API key, regardless of how they were generated by your platform.
- Disclaimer of liability: Disclaim liability for any service disruptions, data inaccuracies, or financial losses resulting from issues with the customer’s key or their account with the third-party provider.
- Security commitment: Briefly describe your commitment to securing their key using industry-standard practices (e.g., encryption) without revealing specific implementation details.
- Platform fee clarity: Specify that your platform subscription fee is for access to your software and is independent of their third-party billing.
While your application is responsible for securely managing customer keys and making API calls, Kinde is the ideal platform for managing the subscription side of the BYOK model. It allows you to easily create and manage the platform fee that you charge your customers.
With Kinde, you can:
- Create a dedicated BYOK plan: Set up a specific plan in Kinde titled “BYOK” or “Enterprise” with a flat monthly or annual fee. This plan represents your platform fee and is completely separate from any LLM usage costs.
- Use metered billing for platform features: If your platform fee is based on your own value metrics (e.g., number of users, projects, or reports), you can add these as metered features to your BYOK plan in Kinde.
- Manage upgrades and downgrades: Allow users to switch between a traditional, all-inclusive plan and a BYOK plan. Kinde’s subscription management tools can handle the proration and billing changes automatically.
- Organize plans clearly: Use plan groups to keep your BYOK and standard vendor-billed plans organized, making them easier to manage as your business grows.
By using your own backend to handle the “key” part of BYOK and using Kinde to handle the “billing” part, you can build a robust, secure, and scalable pricing model for your AI application.
Get started now
Boost security, drive conversion and save money — in just a few minutes.