DEV Community

John Medina

Stop sharing one OpenAI key across all your users

I see this pattern everywhere. A startup launches their AI feature, they drop a single OPENAI_API_KEY in their .env, and call it a day.

tbh, it works fine for the first 100 users. Then user 101 figures out how to write a 50-turn loop that triggers your agent to summarize War and Peace every hour, and your Stripe balance goes negative.

The problem isn't the API cost. The problem is you have zero multi-tenant attribution. When the $5k bill hits, all you see is gpt-4o usage. You have no idea who caused it.

If you are building B2B SaaS, you need to track cost per tenant from day one. Not per endpoint. Not per model. Per tenant.

How to actually fix this:

  1. Stop using the raw OpenAI client everywhere. Wrap it.
  2. Inject tenantId and userId into every single completion request as metadata or a tag.
  3. Log the usage object from the response asynchronously. Don't block the critical path.
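The three steps above as one wrapper, shown as an added example that is not code from the original post or from LLMeter. The names meteredClient, usageSink and tokensByTenant are hypothetical, the tag is carried in the request's `user` field, and fakeClient is a constructed stand-in so the block runs offline.

```javascript
// Added example. meteredClient, usageSink and tokensByTenant are hypothetical names.
function meteredClient(client, usageSink) {
  return {
    async complete({ tenantId, userId }, params) {
      // Fail closed: a call without attribution is never sent upstream.
      if (!tenantId || !userId) {
        throw new Error("tenantId and userId are required");
      }
      const res = await client.chat.completions.create({
        ...params,
        user: `${tenantId}:${userId}`, // tag the request itself
      });
      const usage = res.usage || {};
      const record = {
        tenantId,
        userId,
        model: res.model || params.model,
        promptTokens: usage.prompt_tokens || 0,
        completionTokens: usage.completion_tokens || 0,
      };
      // Off the critical path: not awaited, and a sink error never fails the request.
      Promise.resolve()
        .then(() => usageSink(record))
        .catch((err) => console.error("usage log failed:", err.message));
      return res;
    },
  };
}

// Roll logged records up into token totals per tenant.
function tokensByTenant(records) {
  const totals = {};
  for (const r of records) {
    const t = totals[r.tenantId] || (totals[r.tenantId] = { prompt: 0, completion: 0 });
    t.prompt += r.promptTokens;
    t.completion += r.completionTokens;
  }
  return totals;
}

// Constructed stand-in for the OpenAI client so the example runs offline.
const fakeClient = {
  chat: { completions: { create: async (p) => ({
    model: p.model,
    sentUser: p.user, // echoed only so the tag can be inspected
    usage: { prompt_tokens: 120, completion_tokens: 30 },
  }) } },
};
```

Turning token totals into cost per tenant needs a per-model price table, which is left out here because the post gives no prices.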

I built LLMeter exactly for this because I got tired of building the same tracking wrapper at every company. It's open source (AGPL), uses Supabase, and tracks cost per user and per day out of the box. ymmv with other tools, but you need something that gives you a dashboard of which users are burning your margin.

Stop flying blind.
