SaaS teams shipping AI to their own users
Embed paid AI features in your SaaS
- No subscription, pay only for inference
- Use with any model
- Backend is optional
- Per-customer limits and analytics
- Hide system prompts
- Tool use and structured output included
Mint browser session
publishable key
import { createApiKeySdk } from "keystash-sdk"; const sdk = createApiKeySdk({ baseUrl: "https://api.keystash.dev" }); await sdk.account.connect(import.meta.env.VITE_KEYSTASH_PUBLISHABLE_KEYUse a publishable app key here, not an admin key. Scope it to one space, one origin, and specific feature ids.); const session = await sdk.runtime.sessions.create({ spaceId: "acme-prod", endUserId: auth.user.idUse the same stable SaaS user id in frontend runtime calls and in Stripe metadata or client_reference_id. No separate create-user step is required., operationIds: ["op_live_abc123"Feature id returned by the control plane. Scope the publishable key to the same id.], ttlMinutes: 15Keystash returns a short-lived runtime token instead of provider credentials. }); await sdk.runtime.connect(session.tokenResult:kst_rt_...scoped toacme-prod, one user id, one feature id, and a 15 minute TTL.);
- Use your own SaaS auth user id
- Publishable keys mint sessions only for allowed origins and feature ids
- No separate create-user call is required
Configure webhook
space config
Space settings Stripe signing secret whsec_*** End user id source metadata End user id metadata key keystash_end_user_id Spend amount source metadata Spend amount metadata key keystash_spend_usd Webhook URL https://api.keystash.dev/api/spaces/acme-prod/end-user-billing/stripe/webhook
- Configure the mapping from the UI, not from code
- Stripe can call Keystash directly
- Backend is optional for user spend grants
Stripe funds that user
direct webhook
{
type: "checkout.session.completed"Keystash handles the completed payment once per Stripe event id.,
data: {
object: {
metadata: {
"keystash_end_user_id": "user_123"Match the same user id you pass when minting browser runtime sessions.,
"keystash_spend_usd": "25"Result: Keystash creates or tops up that user's spend record with $25.
}
}
}
}
- Spend allowance attaches to the same SaaS user id
- The spend record can be created lazily by webhook
- Keystash keeps the grants idempotent per Stripe event
Invoke one feature
runtime
const result = await sdk.runtime.invoke({ operationId: "op_live_abc123"Use the same feature id that the publishable key and runtime session were scoped to., input: { ticket: "Customer asks for refund after duplicate charge." } }, session.token); const summary = result.outputTextResult:"Duplicate charge. Refund likely. Escalate billing."; const billedTokens = result.usage.totalTokensResult:248tokens. Usage is tracked against that user and deducted from remaining spend.; const model = result.modelResult:openai/gpt-5.4-minias configured in the hidden feature.;
- Usage is tracked per user and per feature
- Remaining spend is deducted automatically
- Output returns through one runtime API
Define
- One feature per product action
- Provider key stays server-side
- Prompt stays hidden
Run
- Mint runtime sessions per end user
- Invoke features from browser or app shell
- Keep models and prompts scoped
Meter
- Track calls and token usage by space
- Track usage by feature
- Debit the space balance as users run features
SDK first
- `sdk.spaces.operations.create(...)`
- `sdk.runtime.sessions.create(...)`
- `sdk.runtime.invoke(...)`
- `sdk.runtime.usage(...)`
Backend is optional
Ship a client-side app with one app key. KeyStash mints short-lived runtime sessions for each customer.
Hidden system prompts
Feature prompts live in KeyStash. The browser only sends input and receives output.
Stripe webhook flow
If you already run your own checkout flow, Stripe can still call Keystash directly to increase one end user's remaining spend.
SDK surfaces
browseable
Create one publishable app key
admin
const publishableKey = await sdk.spaces.keys.create("acme-prod", {
title: "Acme publishable runtime key",
permissions: [
{ type: "keystash:runtime:session:create", meta: {} }
],
fields: {
space_id: "acme-prod",
allowed_origins: ["https://app.acme.com"],
allowed_operation_ids: [feature.id]
}
});- Use one app key per product surface
- Scope it to one origin and allowed feature ids
- The browser never receives an admin key
Create a hidden feature
admin
const feature = await sdk.spaces.operations.create("acme-prod", {
title: "Summarize ticket",
slug: "summarize_ticket",
model: "openai/gpt-5.4-mini",
systemPrompt: "You summarize support tickets for internal agents.",
userTemplate: "Ticket:\n{{ticket}}\n\nReturn a concise summary.",
allowedOrigins: ["https://app.acme.com"]
});- Model and system prompt stay hidden
- One feature maps to one paid SaaS action
- Tool use and structured output stay server-side
Use the OpenAI-compatible endpoint
runtime
import OpenAI from "openai";
const client = new OpenAI({
baseURL: "https://api.keystash.dev/api/openai/v1",
apiKey: session.token,
dangerouslyAllowBrowser: true
});
const completion = await client.chat.completions.create({
model: "summarize_ticket",
messages: [
{
role: "user",
content: "Customer asks for refund after duplicate charge."
}
]
});- Swap in your runtime token
- Keep the browser on an OpenAI-compatible client
- Billing and per-user limits still stay in Keystash