Per-vendor spend caps
A scoped API-key proxy for Stripe, Twilio, and Resend — with per-vendor spend caps, endpoint allowlists, audit log, and one-click revoke.
Open to the first 10 beta teams — free for 6 months. Building in public at @bitinvestigator.
The problem
When you let an autonomous agent touch Stripe, Twilio, or Resend, you hand it a long-lived API key with full-account power. A retry loop, a bad prompt, a runaway tool call — there's no spend ceiling, no audit trail, no kill switch. By the time you notice, the charges are real.
How it works
Create a vault_key_… token bound to your real Stripe, Twilio, or Resend secret. Scoped to one agent or one run.
Set a daily USD cap, endpoint allowlist, Stripe-merchant scope, and an expires_at. Policies live server-side; the agent never sees the real key.
Your agent calls proxy.keybrake.com/stripe/v1/charges. We enforce the policy, forward to the vendor, parse the cost, and log every call.
# Before
stripe.Charge.create(api_key="sk_live_…", amount=5000, currency="usd")

# After — same SDK, different key + base_url
stripe.Charge.create(
    api_key="vault_key_a1b2c3",
    api_base="https://proxy.keybrake.com/stripe",
    amount=5000,
    currency="usd")
What you get
Daily USD cap per vault key per vendor. Stripe, Twilio, and Resend costs are parsed from response data in real time — not estimated from request counts.
Lock a key to specific endpoints, a single Stripe merchant, or a per-request price ceiling. Expire automatically. One bad prompt can't broaden the scope.
Every call is logged with vendor, endpoint, cost, latency, and policy outcome. Filter by vault key, vendor, merchant, or breach type. Retention up to 90 days.
Kill any vault key instantly without rotating the upstream Stripe or Twilio secret. No redeploy, no code change — the agent gets a 403 on the next call.
Pricing
$0/mo: For agent tinkerers and side projects.
$99/mo (most popular): For teams running agents in production.
Custom: For high volume, SSO, and self-hosted deploys.
Questions
Yes — we proxy every call, so the real Stripe, Twilio, or Resend secret lives in our encrypted store. Keys are encrypted at rest with AES-256 and only decrypted in-memory during request forwarding. If that's a dealbreaker, the Scale plan ships a self-hosted build so the secrets never leave your VPC.
Stripe, Twilio, and Resend. We picked three where the cost of each call is parseable from response data — that's what lets us enforce real USD caps instead of request-count caps. Shopify, Postmark, and Segment are on the roadmap; reply to the waitlist email to vote.
For Stripe we parse the charge amount and fees from the response. For Twilio we read the price field returned on every SMS or call. Resend is a fixed per-email rate. Before each request we check the running daily total against your cap and return 402 Payment Required if the next call would cross it.
Self-hosting ships with the Scale plan. The deployment is a single Node process plus a local SQLite file — it runs on a $5 VPS. The source is closed but the artifact is a single binary with a license key. Email hello@keybrake.com when you're ready.
Plan for roughly 40ms added per call (TLS handshake to the proxy, policy check, forwarded TLS to the vendor). We don't queue or batch — each call round-trips in real time. If your agent already tolerates vendor latency, it'll tolerate this.
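An added example, not Keybrake's code, of the policy gate described above: 403 for a revoked key, 402 when the next call would cross the daily cap, with the spend reserved under a lock so two concurrent calls cannot both pass the check. `Policy`, `authorize`, `settle`, the per-call estimate, and the 403 for expired keys and allowlist misses are assumptions; only the Stripe charge amount in USD is counted, not fees.

```python
import threading
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from decimal import Decimal

@dataclass
class Policy:  # hypothetical shape of one vault key's server-side policy
    daily_cap_usd: Decimal
    allowlist: set             # {(method, path)} the key may call
    expires_at: datetime
    revoked: bool = False
    spent: dict = field(default_factory=dict)  # UTC date -> USD reserved or spent
    lock: threading.Lock = field(default_factory=threading.Lock)

def authorize(p, method, path, estimate_usd, now):
    """Return the status the proxy answers with; 200 means forward to the vendor."""
    if p.revoked or now >= p.expires_at:
        return 403             # revoked (per the page) or expired (assumed status)
    if (method, path) not in p.allowlist:
        return 403             # assumed status for an allowlist miss
    with p.lock:               # check and reserve in one step, never check-then-act
        total = p.spent.get(now.date(), Decimal(0))
        if total + estimate_usd > p.daily_cap_usd:
            return 402         # the next call would cross the daily cap
        p.spent[now.date()] = total + estimate_usd
    return 200

def settle(p, reserved_at, estimate_usd, actual_usd):
    """Swap the reservation for the cost parsed from the vendor response."""
    if actual_usd is not None:  # no parsed cost yet: keep the estimate
        with p.lock:
            p.spent[reserved_at.date()] += actual_usd - estimate_usd

def stripe_cost_usd(resp):
    # Stripe amounts are integers in the smallest currency unit (cents for USD)
    return Decimal(resp["amount"]) / 100

def twilio_cost_usd(resp):
    # Twilio's price is a signed decimal string and can be null until billed
    return None if resp.get("price") is None else abs(Decimal(resp["price"]))

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, tzinfo=timezone.utc)  # constructed sample
    p = Policy(Decimal("50"), {("POST", "/v1/charges")}, now + timedelta(hours=1))
    print(authorize(p, "POST", "/v1/charges", Decimal("30"), now))
    print(authorize(p, "POST", "/v1/charges", Decimal("30"), now))
    p.revoked = True
    print(authorize(p, "POST", "/v1/charges", Decimal("1"), now))
```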
Get early access the moment the first Stripe proxy ships. Free for the first 10 beta teams.