Frequently Asked Questions

Behest provides complete visibility and control for enterprise AI. It operates as a unified gateway that delivers three core pillars: Token FinOps for cost control, Enterprise AI Governance for security and compliance, and an AI Backend as a Service for rapid application development. Behest sits between your apps and LLMs to stop shadow AI and runaway token costs.

An AI Backend as a Service is the complete infrastructure layer between your application and your LLM provider. Instead of building and maintaining authentication, CORS proxies, PII protection, rate limiting, conversation memory, and observability yourself, you get all of it out of the box with a single API integration. It allows frontend developers to build secure AI apps without writing backend code.

Point your frontend directly at your Behest project URL. Behest handles CORS natively, so your browser-based app can call the AI API without a backend proxy. Sign up at behest.ai/dashboard, create a project, configure your allowed origins, and make standard fetch calls from your React, Vue, Svelte, or vanilla JS frontend. No server code required.

Hours, not months. Sign up at behest.ai/dashboard, create a project, copy your API key, and point your frontend at your project URL. The entire AI backend — auth, CORS, PII scrubbing, prompt defense, rate limiting, memory, and observability — is live immediately.

No. Behest uses an OpenAI-compatible REST API. Any HTTP client works — fetch, axios, requests, curl, or any language that can make HTTP POST requests. There is no proprietary SDK to learn or maintain.

AI FinOps is a broad term that often just means looking at your monthly cloud bill to see how much you spent on AI infrastructure. Token FinOps is the specific, operational practice of managing AI costs at the unit level (the token). While AI FinOps might tell you that you spent $50,000 on OpenAI last month, Token FinOps tells you exactly which user, in which project, during which session spent those tokens—and allows you to enforce hard budgets before the spend even happens. Token FinOps is the complete, proactive solution for GenAI unit economics.

Token FinOps is the practice of managing, allocating, and optimizing AI token costs across an enterprise. Behest provides complete AI usage visibility, attributing every dollar spent to specific users, projects, and sessions. This allows CFOs and platform teams to plan, forecast, and control AI spend effectively.

Unlike basic observability tools that only report costs after the fact, Behest sits in the request path. You can set hard token or dollar budgets per project, user, or department. If a request would exceed the budget, Behest blocks it instantly—preventing runaway costs before they hit your OpenAI or Anthropic invoice.

Behest's BYOAK v2 (Bring Your Own API Key) allows you to securely store provider keys per tenant or department. When a department makes an LLM request, it routes through their specific provider account. This means the actual LLM invoice from OpenAI or Google goes directly to that department, providing perfect billing isolation and eliminating the need for complex internal chargeback accounting.

Behest provides the technical controls required by emerging AI regulations. This includes immutable audit trails of all AI interactions, model allowlists to prevent the use of unapproved shadow IT models, and built-in guardrails (PII redaction and prompt injection defense) that map directly to NIST AI RMF risk management requirements.

Model allowlists let administrators strictly define which LLMs can be used by which applications or departments. If a developer tries to call an unapproved model (e.g., an experimental model that hasn't passed legal review), Behest blocks the request at the gateway level, ensuring enterprise-wide policy enforcement.

Behest includes PII Shield, powered by Microsoft Presidio. It operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode, you choose from three actions: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely). PII is detected using named entity recognition and regex patterns before it ever reaches the LLM.

Behest includes Sentinel, an automatic prompt injection defense system. It uses multiple detection patterns to identify common jailbreak techniques, plus custom blocklists per project. Sentinel operates in three modes: disabled, shadow (log detected attacks), and enforce (block malicious prompts). All detection happens before the request reaches the LLM.

Yes. API keys are hashed with Argon2id, JWTs use RS256 signing, and tenant isolation ensures one customer's data is never accessible to another. Enterprise customers can self-host Behest in their own cloud infrastructure so data never leaves their environment.

Most LLM providers (OpenAI, Anthropic, Google) block browser requests because they do not support CORS. Behest solves this with per-project CORS configuration. Set your allowed origins in the Behest dashboard, and your frontend JavaScript can call the Behest API directly — no backend proxy needed.

Behest routes across all major LLM providers via LiteLLM: OpenAI, Anthropic, Google Gemini, Vertex AI, AWS Bedrock, Mistral, Cohere, OpenRouter, DeepSeek, Groq, Together AI, and Fireworks AI. Bring your own provider keys (BYOAK v2) for direct billing, or use the Behest-managed default (Gemini 2.5 Flash / Pro on Vertex AI) on the Free tier.

Behest uses the OpenAI-compatible API format. Send a POST request to /v1/chat/completions with an Authorization bearer token, a model name (e.g., gemini-2.5-flash), and a messages array. The response includes choices with message content, finish reason, and token usage statistics. Rate limit headers are included on every response.

Yes — on the Enterprise plan. Behest offers self-hosted deployment in your own cloud infrastructure. We provide Helm charts for Kubernetes (GKE Autopilot recommended), Docker Compose for local development, and ArgoCD support for GitOps workflows. With self-hosting, your data never leaves your infrastructure.

Behest stores conversation history per-user, per-session in Redis. You can configure the memory window from 0 to 100 message pairs. Memory is automatically injected into the LLM context, trimmed when it exceeds the window size, and can be cleared via API.

Behest enforces three tiers of rate limiting: configurable per-IP rate limiting (safety net), per-project (configurable from 1 to 10,000 requests per minute), and per-user (derived from project limits). Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) are included on every response so your app can handle limits gracefully.

Behest is a SaaS license — not a token markup business. You pay for the platform, not a per-token surcharge on LLM calls. A free trial is available with no credit card required. Contact our sales team for pricing details on pro and enterprise tiers.

Yes. Sign up at behest.ai/dashboard to start a free trial with no credit card required. You get access to the core developer platform — auth, CORS, PII Shield, Sentinel, memory, rate limiting, and observability — so you can evaluate Behest with your actual use case before committing. Note that the free self-service trial does not include the Token FinOps dashboards or enterprise cost-center rollups. To see Token FinOps in action, please contact sales for a demo.

Legacy gateways are primarily for routing and observability. Behest is a unified platform that adds deep Token FinOps (hard budget enforcement before the invoice) and Enterprise AI Governance (PII redaction, prompt injection defense, model allowlists) on top of a complete AI backend. If you need enterprise-grade cost control and compliance, Behest provides the necessary guardrails.

Basic observability tools focus heavily on logging, monitoring, and analyzing your LLM usage. Behest operates the entire AI infrastructure, including active Token FinOps and AI Governance. While observability tools watch your traffic, Behest actively manages it with hard budgets, PII scrubbing, and Sentinel prompt defense. Behest includes observability, but goes much further into active control.

An AI gateway sits in front of your LLM and watches traffic — routing, logging, and caching requests. An AI backend operates the full infrastructure: authentication, CORS handling, conversation memory, PII scrubbing, prompt injection defense, rate limiting, token budgets, and observability. A gateway observes; a backend operates. Behest is an AI backend.

Building your own AI backend means months of engineering: authentication, CORS proxy, PII detection, prompt injection defense, conversation memory, rate limiting, token tracking, and observability. Each component requires ongoing maintenance and security updates. Behest deploys in hours and includes all of these features out of the box, with self-hosted deployment available on the Enterprise plan. Most teams find the build-vs-buy math strongly favors buying.

OpenAI provides the language model. Behest provides everything between your app and the model: CORS handling so you can call from the browser, multi-tenant authentication, conversation memory, PII scrubbing, prompt injection defense, three-tier rate limiting, token budgets, and full observability. Using OpenAI directly means building all of that yourself. Behest gives you the complete AI backend so you can focus on your app.