All systems operational
Virtual API credential infrastructure

Replace exposed API keys
with controllable sub-keys.

Create revocable virtual credentials with limits, routing, monitoring, alerts, and audit logs for AI APIs, mobile apps, and multi-tenant systems.

Start free View architecture For AI assistants
Streaming-native · Edge-enforced · BYOK · Sub-millisecond overhead · No rewrite required
Mobile app edg_live_… AI agent edg_live_… Frontend edg_live_… Edgify 01 validate 02 limit 03 log 04 route OpenAI sk_master_… Anthropic sk_master_… Internal sk_master_… Each client carries only its sub-key. Master credentials never leave Edgify.
No. 02 — Problem

One credential everywhere is one leak from disaster.

Each surface below is somewhere an exposed master key shows up. None of them can be safely trusted with it. Edgify isolates each one behind a scoped sub-key.

Without Edgify
  • Mobile app ships the provider key in its bundle.
  • Shared team key gets pasted into a screenshot, a paste-bin, a CI log.
  • AI agent loops out of control and burns the monthly budget.
  • Tenant credential leaks across customers — no isolation.
  • You discover the leak from a $48,000 invoice.
  • No revocation, no attribution, no emergency switch.
With Edgify
  • Each app, agent, or tenant gets its own virtual sub-key.
  • Hard budget ceilings stop runaway spend at the limit.
  • Per-key alerts the moment usage deviates from baseline.
  • Tenant isolation by construction — never shared.
  • Revoke any key globally in under a minute.
  • Full audit trail — every request attributable.
No. 03 — How it works

Five steps from master key to governed estate.

  1. 01

    Add provider key

    BYOK. Master credentials are encrypted at rest and never returned by the API.

  2. 02

    Create sub-keys

    One per identity — agent, app, tenant, contractor. Reveal-once at creation.

  3. 03

    Set policy

    Rate limits, budget ceilings, allowed routes, IPs, models — per sub-key.

  4. 04

    Route through Edgify

    Replace your API base URL. Same SDK. Streaming, errors, headers pass through.

  5. 05

    Operate

    Watch live request logs. Get alerts on anomalies. Revoke any sub-key globally in under a minute.

No. 04 — Integration

Replace your API base URL. Replace the key. Done.

Edgify is a drop-in for OpenAI-compatible APIs and a transparent proxy for the rest. No SDK swap. Streaming, aborts, error responses pass through verbatim.

Before
const client = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey:  "sk-proj-…",
});

Provider key sitting in your app. Anyone who reads the bundle has it.

After
const client = new OpenAI({
  baseURL: "https://proxy.edgify.net/openai",
  apiKey:  "edg_live_a8k…",
});

Scoped sub-key. Revocable. Budgeted. Logged. Same SDK.

· OpenAI-compatible endpoint
· Streaming + abort pass-through
· Provider error codes preserved
No. 05 — Product

The console behind your sub-keys.

Visual fragments of the operator surface. Each one corresponds to a real, working flow in the dashboard.

Virtual keys
+ New key
NameScopeStatus
mobile-ios-prod OpenAI · 50k/mo active
agent-research Anthropic · $250/mo active
tenant-acme OpenAI · scoped active
ci-builds Anthropic · 5k/mo rotating
Policy · mobile-ios-prod
Save
Rate limit
120 RPM · 50k RPM-burst
Monthly budget
$1,500 hard cap
Allowed models
gpt-4o-mini · gpt-4o
Allowed origins
app://com.acme.ios
Action on breach
freeze + email owner
Request log · live
streaming
tkeyroutems$
00:42 mobile-ios-prod POST /chat 184 0.0142
00:42 agent-research POST /chat 912 0.1820
00:43 tenant-acme POST /chat 210 0.0061
00:43 mobile-ios-prod POST /chat 173 0.0136
00:44 agent-research POST /chat 1108 0.2110
Anomaly alerts
2 firing
  • agent-research throttled
    3.4× normal hourly spend
  • mobile-ios-prod monitoring
    token outliers · gpt-4o
Usage · 24h
$184.20 · 12,408 req
  • mobile-ios-prod $74.20 · 40%
  • agent-research $66.80 · 36%
  • tenant-acme $31.40 · 17%
Revoke · ci-builds

Revocation propagates globally in < 60s. Every consumer of this credential will start failing with 401 key_revoked.

This action is irreversible.

Cancel Revoke now
No. 06 — Architecture

Where Edgify sits in your stack.

Same three-layer pattern, four common shapes. Your applications talk to Edgify; Edgify enforces policy and forwards to the upstream you chose.

AI agent
AI agent edg_live_… Edgify policy · log budget · route Anthropic sk_master_…
Mobile app
Mobile app edg_live_ios_… Edgify device-bound origin pinned OpenAI sk_master_…
Multi-tenant SaaS
Tenant acme edg_live_acme_… Tenant globex edg_live_glb_… Tenant initech edg_live_ini_… Edgify isolation per-tenant OpenAI sk_master_…
Browser / frontend
Browser edg_live_sess_… Edgify origin pinned session-bound OpenAI sk_master_…
No. 07 — Capabilities

What you actually get.

01

Virtual credentials

Issue scoped sub-keys per agent, app, tenant. Reveal-once secrets. Revoke globally in under a minute.

02

Prevent runaway spend

Hard budget ceilings per credential. Edgify freezes the offender before payroll discovers the spike.

03

Per-key rate limits

RPM, RPH, RPD, per-route, per-model. Enforced at the edge, not in your application.

04

Tenant isolation

Each customer or tenant gets its own credential. Per-tenant attribution, per-tenant logs.

05

Anomaly detection

Statistical baselines per credential, refreshed continuously. Notify, throttle, or freeze on deviation.

06

Smart routing

Prefer the cheapest acceptable model. Fall back when an upstream is degraded.

07

Tamper-evident audit

Every privileged action recorded in an append-only, hash-chained ledger. Export to CSV or your SIEM.

08

Sensitive-data masking

Redact PII before bytes reach the provider. Built-in templates for GDPR, HIPAA, secrets.

09

Signed webhooks

HMAC-signed delivery with exponential retry. Replayable dead-letter queue.

No. 08 — Trust

Designed to handle production traffic.

SOC 2 Type I controls in place; Type II audit window opens September 2026. Every guarantee below is backed by a contractual SLA or a verifiable cryptographic property — not a marketing line.

Provider keys encrypted at rest

AES-256-GCM with envelope encryption and quarterly key rotation. Never returned over the API after creation.

Sub-key revocation < 60s SLA

Issued sub-keys are revoked at the edge within 60 seconds of the API call. Backed by our uptime SLA — see /terms.

Metadata-first logging

Every request logged by default — bodies opt-in, retention configurable per environment.

Sub-millisecond overhead

Cached policy evaluation at the network edge. Streams pass through untouched.

Append-only audit chain

Each entry hashes the previous one. Tamper detection is mathematical, not policy-based — verify on demand.

One-click audit log export

CSV or JSON for every privileged action — RBAC changes, key issuance, policy edits — with the full hash chain.

Optional full-body capture

For investigation or replay. Redacted by your PII policy before storage; never sent to a third party.

Asynchronous analytics

Usage events leave the hot path; nothing blocks the upstream call. Edge errors never propagate to the customer.

SOC 2 Type I — in scope

Type II window opens Q3. Sub-processor list, data residency, and incident response plan available on request — write [email protected] with subject "Security disclosure".

No. 09 — For your AI assistant

Your coding agent can evaluate Edgify on its own.

We publish a machine-readable summary, evaluation prompts, integration examples, and policy recipes. Hand them to Claude, Cursor, or your in-house assistant — your code stays with your own tooling.

View llms.txt Evaluation guide
Drop into your assistant
"Evaluate Edgify (https://edgify.net/llms.txt)
 for governing the OpenAI keys our
 mobile app and three AI agents use.
 Outline integration steps and the
 sub-key/policy layout you'd recommend."
No. 10 — Pricing

Pay only for the governance layer.

Bring your own provider keys. Your upstream charges you for tokens; Edgify charges for the policy, audit, monitoring, and alerts on top.

Evaluate
$0 / forever

No card. Limited monthly volume.

Start free →
Team
$29 / month

500K governed req/mo. Webhooks + alerts.

Start 14-day trial →
Scale
$99 / month

5M governed req/mo. Caching + routing.

Start 14-day trial →
Enterprise
Custom

Own domain, SSO, audit chain, dedicated support.

Contact sales →

BYOK · Provider charges billed by your provider · Volume discounts at every tier

No. 11 — Documentation

Read first, deploy second.

Integration guide

Drop-in patterns for OpenAI, Anthropic, OpenRouter, and generic HTTP.

Read →

Governance playbook

Sub-keys, policies, audit — how adopters wire it up.

Read →

Operations runbooks

Incidents and how teams respond.

Read →

Compliance overview

Audit retention, privacy controls, disclosure.

Read →

Platform overview

Where Edgify sits in your stack.

Read →

For coding agents

A short brief written for autonomous evaluators.

Read →
No. 12 — Begin

Built for teams that stopped trusting the master key.

Create your first virtual API key in minutes.

Start free View architecture Request a demo