Why We Don't Do BYOK
"Bring your own key" sounds customer-friendly. We chose the opposite: you get a NemoRouter key and credits, we manage every provider key. Here is the reasoning behind that decision.
"Bring your own key" is the default assumption for an LLM gateway, and on the surface it sounds pro-customer: you keep your provider accounts, the gateway just routes. We deliberately don't do it. On NemoRouter you get one NemoRouter API key and credits; we hold and manage every provider key. This is a real product decision with real trade-offs, and it's worth explaining the reasoning rather than just asserting it.
What BYOK actually asks of you
The "you keep your keys" framing hides the work it hands you:
- You hold N provider accounts — sign up, get approved, manage billing and rate limits with each of OpenAI, Anthropic, Google, and the rest.
- You reconcile N bills — each provider invoices you separately, in its own format, on its own cycle.
- You manage N sets of keys — rotation, leakage, per-provider limits, all yours.
- You eat the cold-start — a new provider or model means a new account and approval before you can use it.
BYOK doesn't remove that complexity; it relocates it to you and calls it freedom. For a lot of teams, that "freedom" is just unpaid operations work.
What no-BYOK gives instead
BYOK: your app → gateway → (your OpenAI key, your Anthropic key, …)
                            ↑ you manage all of these
NemoRouter: your app → one sk-nemo-… key → we route to every provider
                                           ↑ we manage all provider keys
One key, one bill, one account. You never sign up with a provider, never reconcile their invoices, never manage their keys. New models show up because we did the provider onboarding. The complexity didn't vanish — we absorbed it, which is the actual service.
No-BYOK is what makes one bill possible
You can't offer "one bill, 100% of your credits, exact cost tracking" on top of keys you don't control. BYOK means the provider bills the customer directly, so the gateway can never be the single billing surface. Managing the keys ourselves is the precondition for the markup-free credit model and unified cost tracking — the features people actually want.
The security angle
There's a security argument too, and it cuts against intuition. With BYOK, your powerful provider keys travel into a third-party gateway's systems — you're trusting it with credentials that can run up unlimited spend on your provider accounts. With no-BYOK, you hold a virtual key that is rate-limited, budget-capped, and revocable, and the provider keys live in one managed vault rather than scattered across every customer's integration. A leaked NemoRouter key costs you a capped, revocable amount; a leaked provider key costs you whatever your provider account allows.
What you give up (honestly)
No-BYOK isn't free of trade-offs, and pretending otherwise would be dishonest:
- You don't use your existing provider commitments. If you've pre-purchased capacity with a provider, BYOK would let you draw it down; we don't.
- You trust us with provider relationships. Onboarding new providers/models is on our roadmap, not your control panel.
For teams with large pre-negotiated provider contracts, BYOK can make sense. For everyone else — which is most teams — trading those edge cases for one key, one bill, and capped revocable credentials is the better deal. We optimized for the common case on purpose.
The takeaway
No-BYOK isn't us taking something away — it's us absorbing the multi-account, multi-bill, multi-key complexity that BYOK quietly hands back to you, and making one clean billing surface possible in the process. You get one key, one bill, capped revocable credentials, and new models without new signups. The cost is the edge cases (existing provider commitments), which we judged worth trading for the simplicity the majority actually needs. It's the foundation the whole product sits on.