Stop flying blind
on AI costs.

Leashly sits between your app and any LLM provider. Enforce spend caps, rate limits, and prompt injection protection — in one env var change.

Get started free →See how it works

No credit card required · 5 minute setup · Works with OpenAI, Anthropic, Gemini

js
1// Before
2const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY })
3
4// After — that's it.
5const openai = new OpenAI({
6 apiKey: "lsh_xxxxxxxxxxxx",
7 baseURL: "https://api.leashly.dev/proxy"
8})
Protecting AI spend for 200+ teams
Acme Corp·Buildfast·NovaMind·Layerstack·Shipyard

One abusive user.
One overnight script.
$40,000 bill.

There are no guardrails between your app and the LLM API. One misconfigured feature, one abusive user, or one runaway script — and your next invoice is unrecognizable.

No rate limits means no friction for abuse. No spend caps means no ceiling on damage. No attribution means no idea which user, feature, or bug caused it.

terminal

One proxy. Full control.

The same interface your SDK already uses. Zero refactoring.

Enforce rules

Set spend caps per user, per day, per model. Rate limits that actually work. Injection filter that catches attacks before they hit the model.

See everything

Every token, every request, every dollar — attributed to the exact user, feature, and model that spent it. No more mystery invoices.

Zero code changes

Change one environment variable. Leashly is fully compatible with the OpenAI SDK. Your app doesn't know the difference.

Your App
OpenAI SDK
Leashly Proxy
rate limits · spend caps · injection filter
LLM Provider
OpenAI / Anthropic / Gemini

Everything you need to ship AI safely

Built for production from day one.

💰

Spend caps

Daily, weekly, monthly limits per key or per user. Block or alert when thresholds are hit.

Rate limiting

Per-minute, per-hour throttling with token bucket algorithm. Per account, key, or IP.

🛡️

Prompt injection shield

Blocks 50+ known jailbreak and extraction patterns. Three sensitivity levels.

📊

Cost attribution

See exactly which user and feature is burning money. Full model breakdown.

🔔

Real-time alerts

Email and in-app notifications when spend thresholds or rate limits are hit.

📋

Full audit logs

Every request logged with tokens, cost, duration, model, and flag reason.

Works with every LLM SDK

One line change. Drop-in compatible.

js
1import OpenAI from 'openai';
2
3const client = new OpenAI({
4 apiKey: process.env.LEASHLY_KEY, // your lsh_xxx key
5 baseURL: 'https://api.leashly.dev/proxy',
6});
7
8const response = await client.chat.completions.create({
9 model: 'gpt-4o',
10 messages: [{ role: 'user', content: 'Hello!' }],
11});

Simple pricing.

Saves itself in week one.

Free

$0/mo
  • 10,000 proxied requests/mo
  • 1 API key
  • Basic rate limiting
  • 7-day log retention
  • Community support
Get started free
Most popular

Pro

$29/mo
  • Unlimited requests
  • 10 API keys
  • All rule types
  • 90-day log retention
  • Email alerts
  • Priority support
Start free trial

Team

$99/mo
  • Everything in Pro
  • Unlimited API keys
  • 5 team seats
  • SSO
  • Dedicated Slack
  • SLA guarantee
Contact sales

FAQ

No. The proxy runs in the same region as your LLM provider. Typical overhead is under 5ms.

Yes. Keys are encrypted at rest with AES-256. We never log or expose them in any response.

Yes. Leashly fully supports server-sent events (SSE) streaming responses, passing them through transparently.

OpenAI, Anthropic, Google Gemini, and any OpenAI-compatible endpoint. Add custom endpoints in the dashboard.

Leashly returns a 429 with a clear JSON error: { error: { message: 'Daily spend cap exceeded', type: 'rate_limit_error' } }. Your app gets a clean error to handle.

Yes. Leashly is open-source. Deploy it on Vercel, Railway, or any Node.js host in minutes with a single .env change.

Start protecting your AI spend today.

Free forever for indie devs. No credit card required.

Create your free account →
orRead the docs