Platform
Bring Your Own Key (BYOK)
Last updated March 3, 2026
Connect your own provider API keys for provider-level control while keeping Cencori routing, security, and observability.
Bring Your Own Key (BYOK) allows you to use your existing API keys (OpenAI, Anthropic, Google, etc.) within Cencori. This gives you control over provider access while still using Cencori's observability, routing, and security.
Why Use BYOK?
| Feature | Managed Keys (Standard) | BYOK (Custom Keys) |
|---|---|---|
| Provider Invoice | Paid by Cencori | Paid by your provider account |
| Cencori Usage Charging | Credit wallet is charged | Depends on your Cencori plan/policy |
| Rate Limits | Shared Cencori limits | Your personal provider limits |
| Model Access | Standard supported models | Access to betas/finetunes |
| Setup | Instant (use Credits) | Requires configuration |
[!TIP] BYOK is ideal if you need provider-specific capabilities (betas, custom limits, finetuned models) or direct provider billing controls.
Configuring BYOK
You can configure keys at the Project level via the dashboard.
Web Dashboard
- Navigate to your Project.
- Click Providers in the sidebar.
- Select a provider from the list (e.g., OpenAI).
- In the dialog:
- Enter your API Key (e.g.,
sk-...). - Select a Default Model (e.g.,
gpt-4o). - Toggle Set as project default if you want this provider to handle all unspecified requests.
- Enter your API Key (e.g.,
- Click Save.
Once enabled, the provider badge will show "Enabled", and all requests for that provider will be routed using your credentials.
Hybrid Usage
You can mix and match Managed Keys and BYOK:
- Use Managed Keys for fast onboarding and centralized ops.
- Use BYOK where your team needs provider-specific controls.
See Credits System and Billing & Usage for how usage charging is applied in your deployment.
Security
Your keys are encrypted at rest using AES-256 encryption. They are strictly used for making requests to the respective provider and are never logged or exposed via the API.