Docs Blog Pricing Python SDK Dashboard Request beta access
12 providers, no upstream credentials in our database

Scoped API keys for AI agents.

Give agents disposable keys with activation, token, and dollar limits. Works with OpenAI, Anthropic, Google, OpenRouter, and 7 more providers.

pip install till-ac # Create a scoped key: 50 activations, 100K tokens, $5 budget from till import TillClient client = TillClient(admin_key="till_admin_...") key = client.create_key( provider="openai", upstream_key="sk-proj-...", max_activations=50, max_tokens=100_000, max_spend_cents=500, # $5.00 ) # Agent uses it as a drop-in API key from till.openai_compat import patched_openai ai = patched_openai(key.scoped_key) ai.chat.completions.create(model="gpt-4o", messages=[...])

Three controls on every scoped key.

Activations and conservative token/spend capacity are reserved before forwarding, then settled to provider-reported usage.

Activation limits

Each proxied request burns one activation. Hit the cap, the key dies. Perfect for sandboxed agent runs.

💬

Token limits

Budgeted generation requests must declare an output-token cap. Till reserves a conservative bound before dispatch and settles it to reported usage.

💰

Spend budgets

Spend-limited requests require a model in Till's pricing table. Estimates settle from provider-reported usage and may differ from provider invoices.

🔒

No upstream credential storage

Upstream keys are AES-256-GCM encrypted into the scoped token and are not stored in Till's database.

🌐

12 providers

OpenAI, Anthropic, Google, OpenRouter, Mistral, Groq, Together, Fireworks, Perplexity, DeepSeek, xAI, and Cohere.

🐍

Python SDK

pip install till-ac Three lines to create a key. Drop-in OpenAI compatibility.

Works with every major AI provider

OpenAI Anthropic Google OpenRouter Mistral Groq Together AI Fireworks Perplexity DeepSeek xAI Cohere

Your upstream keys never touch our database.

When you create a scoped key, the upstream API key is AES-256-GCM encrypted and embedded directly in the scoped token. Our database stores only the activation counter and metadata.


Database compromise alone: the database does not contain upstream credentials. Protect scoped tokens as secrets: each token contains encrypted credential material and the service decrypts it while proxying authorized requests.

Token till_sk_mz90mM...VtkE.encrypted
DB stores key_hash, activations: 47/50, status: active
Not in DB sk-proj-xxxx... (your upstream key)

How it works

Four steps. Python SDK or raw HTTP.

1

Request beta access

New accounts are manually onboarded while verified-email signup is being completed.

2

Create scoped keys

Set activation, token, and dollar limits. Pick any of 12 providers.

3

Give to agents

Drop-in replacement. Point base_url at Till, use the scoped key as the API key.

4

Auto-expires

Whichever limit hits first kills the key. Revoke early from the dashboard.

Simple, transparent pricing

Controlled beta onboarding for new accounts. Existing customers can upgrade from the dashboard.

Free
$0
For trying it out
  • 3 scoped keys
  • 1,000 activations / month
  • All 12 providers
  • Token + dollar limits
  • Dashboard + Python SDK
Request beta access
Scale
$99 / mo
For high-volume operations
  • 100 scoped keys
  • 250,000 activations / month
  • All 12 providers
  • Token + dollar limits
  • IP allowlisting
  • Usage dashboard
Upgrade existing account