Bring Your Own AI Keys

Every AI-powered feature in FolioReady — field extraction, document synopsis, folio insights — runs on a large-language-model provider. By default we run them on our shared account, and the cost is bundled into your plan. If you'd rather route AI calls through your own Anthropic, OpenAI, or DeepSeek account, Bring Your Own AI Keys lets you paste in the key and take it from there. Your calls, your billing relationship, your model choices.

Company → AI Credentials lists every provider key you've configured, scoped by action.

Why Use Your Own AI Keys?

Billing goes through your own provider account

When you paste in your own API key, AI usage shows up on your Anthropic, OpenAI, or DeepSeek invoice — not on your FolioReady bill. If your firm already has an LLM spend budget, an enterprise agreement, or tax treatment that depends on a specific vendor, routing calls through your own account keeps AI spend where your finance team already tracks it.

Pick the right model for each job

Not every AI action needs the same horsepower. Document synopsis is a fast, bulk-summarisation task — a smaller model handles it cheaply. Folio Insights, where the AI is reading a whole folio and proposing field updates, benefits from a stronger model. With BYO keys you can set a different provider or model per action: one key (or one model) for insights, another for synopsis, another for extraction.

Your key stays encrypted

Your API key is encrypted at rest the moment you save it. It's never displayed back to you after save, never written to logs, and only decrypted at the moment FolioReady makes the API call on your behalf. You can rotate or replace the key at any time — removing it simply falls you back to the shared FolioReady key.

Switch back with one click

You're not locked in. Remove your BYO key and FolioReady resumes using the shared provider account with no change to your data or your workflow. The AI-powered features keep working exactly as they did — only the invoice changes.

How It Works

1. Open Company → Credentials

From the manager sidebar, navigate to Company → Credentials. This is the one place where all your AI provider keys live.

The Company section exposes AI Credentials as a dedicated tab.

2. Add a new credential

Click New credential. Pick a provider (Anthropic, OpenAI, or DeepSeek), optionally pick a specific model, and paste your API key. If you're using a proxy endpoint (an internal gateway, a regional endpoint), enter it in the Base URL field — otherwise leave it blank and FolioReady will use the provider's default.

New credential form — pick a provider, paste your key, and optionally point at a proxy endpoint.

3. Choose a scope — default or per-action

Each credential is either a default (used for every AI action that doesn't have its own override) or a per-action override (used only for a specific action like insights or synopsis). You can have one default and any number of per-action overrides at the same time.

A common pattern: one default OpenAI key with a mid-tier model, plus an Anthropic override just for insights that uses a stronger model. The platform picks the right key for each call automatically.

Scope each credential to a specific AI action — extraction, insights, synopsis, or builder.

4. Save — your key is encrypted immediately

As soon as you save, the key is encrypted. The credentials list shows the provider, model, and scope, but the key itself is never displayed back to you. That's not a UI limitation — the stored ciphertext is not reversible from the app's perspective, only at the moment of making an API call.

5. Use FolioReady as normal

The next AI call from any feature automatically uses your new credential. No restart, no cache flush, no per-folio toggle. You'll see the usage on your provider's billing dashboard; on the FolioReady side everything works exactly as it did before.

Configuration

Setting	What it controls
Provider	Anthropic, OpenAI, or DeepSeek — which LLM vendor the key authenticates with
Model	The specific model ID to use for calls that go through this credential (leave blank for the provider default)
API key	Your provider-issued API key. Encrypted on save; never displayed back
Base URL	Optional. Use a custom endpoint (e.g., an enterprise proxy or an OpenAI-compatible service). Leave blank for the provider default
Action scope	Leave blank to use this credential as your company default, or select a specific action (insights, synopsis, extraction, onboarding) to scope it

Tips

Start with a default, refine with overrides. If you're just trying BYO for the first time, add a single default credential and let it cover every action. You can layer in per-action overrides later as you learn which actions benefit from a different model.
Rotating keys is just replace-and-save. If your provider key leaks or rotates on a schedule, edit the credential and paste the new key. The old ciphertext is overwritten; past calls are not affected.
Removing a BYO key is safe. Delete the credential and AI calls immediately fall back to the shared FolioReady key. No feature flags, no downtime.
The Base URL is for proxies, not providers. If you want to use a different provider entirely, create a new credential with that provider selected. Only use Base URL when you're pointing at an OpenAI-compatible or Anthropic-compatible endpoint that isn't the default.

AI Automation — Automatic field extraction from uploaded documents
Document Synopsis — One-paragraph AI summaries of every uploaded file
Folio Insights — Ask cross-document questions of a folio in plain language