Per-key spend caps
A key you hand to an agent is a blank check unless something bounds it. In idapt, the bound lives on the key itself: a hard USD cap, enforced on every metered endpoint across all three compatible APIs.
Three cap windows
LifetimeA fixed total the key can ever spend. The classic one-project budget: when it is gone, the key stops.
MonthlyResets on the calendar month. Fits recurring agents and team members with a steady allowance.
DailyResets daily. The tight leash for experiments and untrusted automation.
What hitting a cap looks like
Requests on a capped-out key fail with a structured error carrying the code below. The account may still have budget; this key does not.
json
{
"error": {
"code": "credit_spend_limit_exceeded",
"message": "This key's spend cap is exhausted."
}
}The agent-budget pattern
- Mint one key per agent or project, named after it, with a cap that matches its job.
- Hand the agent that key only. The cap is the blast radius: a runaway loop stops at the cap, not at your account budget.
- Watch per-key usage in the workspace Gateway tab; raise the cap deliberately when the work earns it.
Related: API keys and scopes, the errors reference and gateway quickstarts. Inside the product, agent runs carry their own budgets and the autonomy dial; key caps are the equivalent for code you run outside.