AI SaaS, agents, customer workspaces
Customer API keys for AI startups
- Issue keys per customer, workspace, org, or environment
- Validate inside your API, worker, gateway, MCP server, or agent runner
- Return fields like `allowed_models`, `tool_allowlist`, and `workspace_id`
- Stripe checkout and customer portal already wired
import { createApiKeySdk } from "keystash-sdk";
const sdk = createApiKeySdk({
baseUrl: "https://api.keystash.dev"
});
await sdk.account.connect(process.env.KEYSTASH_VALIDATOR_KEY!);
const validation = await sdk.spaces.keys.validate(runtimeKey);
if (!validation.valid) {
throw new Error(validation.error || "Unauthorized");
}
const { workspace_id, allowed_models, tool_allowlist } = validation.key.fields;
Validation result
{
"valid": true,
"key": {
"title": "Customer Runtime",
"status": "active",
"fields": {
"workspace_id": "acme-prod",
"allowed_models": ["gpt-5.4", "gpt-5.4-mini"],
"tool_allowlist": ["web.search", "files.read"]
}
},
"currentMonthValidations": 182341,
"currentMonthValidationLimit": 500000
}Workspace policy
Acme prod
Allowed models
2
Allowed tools
files.read, web.search
Validator
required
Usage + billing
Pro
Current usage
182k / 500k
Spaces
4 / 10
Stripe portal
ready
Issue
- Provision customer keys per tenant or workspace
- Choose validator, admin, reader, or custom permission sets
- Attach structured fields your runtime can trust
Validate
- Use the SDK from your API, worker, or agent runtime
- Read workspace, model, and tool policy from the validation result
- Reject revoked or over-limit traffic before it reaches your app
Monetize
- Usage metering is built into validation traffic
- Stripe checkout and portal are already wired in the app
- Paid plans can gate spaces and validations without extra plumbing
SDK first
- Use one validator key from your backend, worker, gateway, or agent runner
- Pull workspace policy from the validation result instead of hardcoding it
- Count validations toward plan limits automatically
MCP config
{
"mcpServers": {
"keystash": {
"command": "node",
"args": ["./packages/api-key-mcp/dist/server.js"],
"env": {
"KEYSTASH_API_BASE_URL": "https://api.keystash.dev",
"KEYSTASH_API_KEY": "your-validator-key"
}
}
}
}What ships now
- Hosted app for spaces, keys, usage, and billing
- SDK for issuing, validating, and revoking keys
- MCP server package for agent workflows
TypeScript
keystash-sdk
import { createApiKeySdk } from "keystash-sdk";
const sdk = createApiKeySdk({
baseUrl: "https://api.keystash.dev"
});
await sdk.account.connect(process.env.KEYSTASH_VALIDATOR_KEY!);
const validation = await sdk.spaces.keys.validate(runtimeKey);
if (!validation.valid) {
throw new Error(validation.error || "Unauthorized");
}
const policy = validation.key.fields;Response
JSON
{
"valid": true,
"key": {
"title": "Customer Runtime",
"status": "active",
"fields": {
"workspace_id": "acme-prod",
"allowed_models": ["gpt-5.4", "gpt-5.4-mini"],
"tool_allowlist": ["web.search", "files.read"]
}
},
"currentMonthValidations": 182341,
"currentMonthValidationLimit": 500000
}Plans
Open pricing in appFree
$0
- 1 space
- 5 active API keys
- 50k validations / month
- Usage analytics
Pro
$24.99
- 10 spaces
- Unlimited API keys
- 500k validations / month
- Stripe checkout + portal
Growth
$79.99
- 50 spaces
- Unlimited API keys
- 2M validations / month
- For multi-workspace AI products
Enterprise
Contact
- Custom limits
- Private environment options
- Future SSO and audit controls
- Dedicated support