Multi-Tenant Isolation
ai.TokenHub provides enterprise-grade multi-tenant isolation to ensure data security and resource independence.
Core Features
Tenant Isolation
- Data Isolation: Complete data isolation between tenants
- Resource Isolation: Independent quotas and model access permissions
- Network Isolation: Dedicated network channels and API endpoints
Sub-Account System
Create multiple sub-accounts with fine-grained permission and quota allocation.
json
{
"sub_accounts": [
{
"id": "sub_001",
"name": "Development Team",
"role": "developer",
"quota_limit": 1000000,
"permissions": ["chat", "embeddings"]
},
{
"id": "sub_002",
"name": "Product Team",
"role": "product",
"quota_limit": 500000,
"permissions": ["chat"]
}
]
}API Key Management
Create multiple API Keys with individual quotas and expiration settings.
json
{
"api_keys": [
{
"id": "key_001",
"name": "Production Key",
"status": "active",
"quota_limit": 1000000,
"expires_at": "2025-12-31T23:59:59Z",
"allowed_ips": ["203.0.113.0/24"],
"allowed_models": ["gpt-4o", "gpt-4o-mini"]
}
]
}Permission Hierarchy
Super Admin
│
├── Tenant Admin
│ │
│ ├── Sub-account (Dev)
│ │ ├── API Key 1
│ │ └── API Key 2
│ │
│ └── Sub-account (Product)
│ └── API Key 3
│
└── Finance Admin
└── Billing AccessUse Cases
| Scenario | Description |
|---|---|
| Department Isolation | Separate quotas and permissions per department |
| Environment Isolation | Separate prod/test/dev environments |
| Project Isolation | Independent management and billing per project |
| Customer Isolation | SaaS service for different customers |
Best Practices
- Least Privilege: Grant permissions as needed
- Regular Rotation: Rotate API Keys periodically
- Quota Control: Set reasonable quota limits per Key
- IP Whitelist: Enable IP restrictions for production
- Usage Analytics: Regularly review Key usage