
Feature Request: Bring Your Own Key (BYOK) / Custom API Key Support #146

Description

@Ashad001

Implement a "Bring Your Own Key" (BYOK) feature that allows users to use their own API keys for OpenAI, Anthropic, Groq, and Gemini models. When users provide their own API keys, they should not be charged credits from the platform since they're using their own resources. Secure keys if stored client-side.

Current State

  • The settings popup has a commented-out checkbox for "Use custom API key" (lines 211-222 in SettingsPopup.tsx)
  • Basic API key validation exists in the backend (session_routes.py lines 257-276)
  • Credit deduction happens automatically for all users regardless of API key source
  • No distinction between platform credits and user's own API costs

Requirements

1. Frontend Changes

  • Uncomment and enhance the custom API key checkbox in SettingsPopup.tsx
  • Add API key validation feedback (success/error states)
  • Show clear indication when using custom vs platform API keys
  • Add helpful tooltips explaining the BYOK feature benefits
  • Prevent credit deduction when using custom API keys
  • Encrypt API key if storing in localStorage or cookies

2. Backend Changes

  • Enhance API key validation in session_routes.py
    • Test API key validity with a lightweight request before saving
    • Return detailed error messages for invalid keys
    • Store whether the user is using a custom key in session state
  • Add BYOK flag to model settings schema and session state
  • Modify credit deduction logic to skip charges when using custom API keys
  • Add usage tracking for BYOK vs platform usage (for analytics)

3. Credit System Integration

  • Update credit deduction logic in multiple components:
    • ChatInterface.tsx (lines 1026-1083)
    • DeepAnalysisSidebar.tsx (lines 456-506, 632-680)
  • Add BYOK detection before calling /api/user/deduct-credits
  • Display BYOK status in credit context and UI components
    Important Note: DeepAnalysisSidebar.tsx (lines 456-506, 632-680), CodeFixButton (lines 125-160) and CodeCanvas (lines 692-720) always use models via the platform API (non-BYOK). Skip BYOK logic for these two; credits should always be deducted (at least for now).

Error Handling

  • Specific error messages for different API key validation failures
  • Graceful degradation if API key validation fails
  • Clear instructions for obtaining API keys from different providers

Files for Reference

Frontend Files

  • Auto-Analyst/auto-analyst-frontend/components/chat/SettingsPopup.tsx - Main BYOK UI
  • Auto-Analyst/auto-analyst-frontend/components/chat/ChatInterface.tsx - Credit deduction logic
  • Auto-Analyst/auto-analyst-frontend/lib/hooks/useModelSettings.ts - Settings management
  • Auto-Analyst/auto-analyst-frontend/lib/contexts/credit-context.tsx - Credit context updates

Backend Files

  • Auto-Analyst/auto-analyst-backend/src/routes/session_routes.py - API key validation & settings
  • Auto-Analyst/auto-analyst-backend/src/schemas/model_settings.py - Schema updates
  • Auto-Analyst/auto-analyst-backend/app.py - Session model configuration

API Routes to Update

  • /settings/model - Enhanced validation and BYOK flag
  • /api/model-settings - Return BYOK status
  • /api/user/deduct-credits - Add BYOK bypass logic

✅ Acceptance Criteria

  1. API Key Validation: Users can input their API keys and receive immediate validation feedback
  2. Credit Bypass: No credits are deducted when using custom API keys
  3. Visual Feedback: Clear UI indication of BYOK vs platform usage
  4. Error Handling: Helpful error messages for invalid or expired keys
  5. Security: API keys are validated but not stored permanently (session only)
  6. Multi-Provider: Works with OpenAI, Anthropic, Groq, and Gemini APIs
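
The credit-bypass requirement is only safe if the server decides it from session state that was set after the key validated, not from a flag the client sends to /api/user/deduct-credits. The sketch below is an added example, not code from the Auto-Analyst repository; the `Session` shape, the feature names, the `validate` callable (standing in for the lightweight provider request) and `client_claims_byok` are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

PROVIDERS = {"openai", "anthropic", "groq", "gemini"}
# Hypothetical feature names for the components the issue says always use the
# platform API (DeepAnalysisSidebar, CodeFixButton, CodeCanvas).
PLATFORM_ONLY = {"deep_analysis", "code_fix", "code_canvas"}


@dataclass
class Session:
    """Server-side session state (assumed shape, not the project's own)."""
    credits: int
    provider: Optional[str] = None
    byok: bool = False
    # Held in memory for the session only; repr=False keeps it out of logs.
    api_key: Optional[str] = field(default=None, repr=False)

    def set_custom_key(self, provider: str, api_key: str,
                       validate: Callable[[str, str], bool]) -> None:
        """Enable BYOK only after the provider accepts the key."""
        self.clear_custom_key()  # a failed update never leaves a stale flag
        if provider not in PROVIDERS:
            raise ValueError(f"unsupported provider: {provider}")
        if not validate(provider, api_key):
            # The message names the provider, never the key itself.
            raise ValueError(f"{provider} rejected the API key")
        self.provider, self.api_key, self.byok = provider, api_key, True

    def clear_custom_key(self) -> None:
        self.provider, self.api_key, self.byok = None, None, False


def deduct_credits(session: Session, feature: str, cost: int,
                   client_claims_byok: bool = False) -> int:
    """Return the credits charged. client_claims_byok is deliberately ignored:
    the bypass depends only on state the server set after validation."""
    if session.byok and feature not in PLATFORM_ONLY:
        return 0
    if cost > session.credits:
        raise PermissionError("insufficient credits")
    session.credits -= cost
    return cost
```

A frontend BYOK check before calling the deduction route can still save a round trip, but it is a UI convenience; the server-side check is the one that protects the credit balance.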

Labels: bug fix, enhancement