Govern AI usage like an enterprise asset
From a single account to an entire enterprise β identity, permissions, budget, guardrails, and audit, unified. Teams stay in control, usage stays transparent.
AI for teams, all under control
Not a pile of scattered API keys β a unified governance control plane.
3-layer identity & roles
Account / org / project structure β org-level and project-level roles judged independently.
Members & permissions
Invite members by email, assign roles β permissions can be scoped to menus and actions.
Project-level budgets
Budget caps per project, spend caps per key β over-limit calls blocked on the spot; usage real-time visible, no surprise bills.
Safety guardrails
Model blocklist / IP allowlist / member restrictions β default policies bindable to keys.
Policy-based model control
Configure model permissions and quotas per project / key β manage call traffic under policy.
Rate limits & quotas
Set request and token rate caps per project / key β blocked when quota is exhausted.
Three dimensions. Every boundary clear.
ModelGo's enterprise permission model works across three independent dimensions β identity tier, role assignment, and policy control. Each layer is judged separately so access is always precise and auditable.
Identity Tier
Account β Org β Project, cleanly nested. Use solo, or create an org and divide into projects β each project manages its own members, budgets, and keys independently.
Role Assignment
Org Admin controls members and billing across the org. Project Admin manages keys, budgets, and members within a project. Members operate within their assigned scope β no cross-boundary access.
Policy Control
Guardrails attach to keys or projects β model blocklist, IP allowlist, budget caps, rate limits. A default policy can cover multiple keys in one binding, no per-key config needed.
Your content. You decide what gets logged.
By default, request and response content is never stored or forwarded. When observability is enabled, you control the sampling rate and whether privacy mode is on β in privacy mode only metadata (timestamp, token count, model) is recorded. Message body never touches disk.
Usage at a glance, drillable to every call.
The console provides aggregated views across projects, models, and keys β token consumption, call count, and spend are live. Every call is traceable back to the exact project and key. No spreadsheet reconciliation needed.
Auditable Β· Traceable Β· Reconcilable
Audit & security
Full audit trail on critical operations β supports 2FA, OAuth login, account freeze, and session revocation.
Cost ledger & reconciliation
Usage and spend logged line by line β traceable, supports official invoices and line-item reconciliation.
You control how data is recorded and flows
Data control
Content logs not forwarded by default β enable on demand with privacy mode and sampling rate.
Secure key storage
API keys stored as digests only β redacted in lists, revocation is instant.
Credential encryption
Sensitive credentials encrypted at rest β forwarding endpoints verified to prevent SSRF.
Designed for ongoing operations, not just the first call
Beyond model access β covering the daily cycle of config, usage, reconciliation, and audit.
Configure
Create projects, assign budgets, set model permissions and keys.
Monitor usage
Track spend and token consumption across projects, models, and keys.
Reconcile
Every transaction traceable β supports official invoices.
Audit
Critical operations fully logged and traceable.
Bring AI into enterprise procurement and governance
AI product / SaaS teams
Embed AI across multiple projects β quotas per project, cost ledger, budget control, spend stays visible.
Internal automation teams
Roll out AI in finance, support, and ops β budgets, audit logs, and model governance keep usage controlled.
Developer / tool platforms
Expose AI to downstream via a unified API β project isolation, policy and quota control.
High-concurrency teams
Tickets, support, high-frequency flows β rate limits, usage visibility, guardrails keep things stable.
A permission system that grows with your team
Use solo, or create an org when ready β divide into projects, invite members, assign roles. Add people, delegate permissions, spin up projects. Permissions scale smoothly with your team, no rebuild required.