Guardrails

Guardrails limit where an API key can be used from, which tiers and models it can use, and how much budget it can spend.

ScenarioRecommendation
Local developmentSeparate key, small budget, start with auto
Production backendIP allowlist, explicit tier, budget limit
Coding agent / IDEDedicated key, small daily or weekly budget
High-risk agentKey budget plus app-side stop conditions
Fixed production workflowfixed model or fixed tier

Available Limits

LimitUse
IP allowlist / blocklistRestrict request source
allowed tiersRestrict economy / standard / premium
fixed modelRestrict to one model
model blacklistBlock specific models
daily / weekly budgetLimit period spend
routing strategyControl auto-routing preference

Rejected Requests

ErrorCommon cause
403 invalid_api_keyKey is invalid, revoked, expired, or not active
403 policy_rejectedIP, tier, fixed model, blacklist, or blocked policy failed
402 insufficient_quotaWallet balance, budget, or pre-freeze failed

Change Policy

Use a new key to replace the old key:

  1. Create a new key with the new policy.
  2. Send a test request with X-Request-ID.
  3. Confirm logs and usage in JoyToken Console.
  4. Switch production environment variables.
  5. Revoke the old key after observation.