Self-Serve
Allow users to create their own keys on Proxy UI.
- Add user with permissions to a team on proxy
- UI
- API
Go to Internal Users
-> +New User
Create a new Internal User on LiteLLM and assign them the role internal_user
.
curl -X POST '<PROXY_BASE_URL>/user/new' \
-H 'Authorization: Bearer <PROXY_MASTER_KEY>' \
-H 'Content-Type: application/json' \
-D '{
"user_email": "krrishdholakia@gmail.com",
"user_role": "internal_user" # 👈 THIS ALLOWS USER TO CREATE/VIEW/DELETE THEIR OWN KEYS + SEE THEIR SPEND
}'
Expected Response
{
"user_id": "e9d45c7c-b20b-4ff8-ae76-3f479a7b1d7d", 👈 USE IN STEP 2
"user_email": "<YOUR_USERS_EMAIL>",
"user_role": "internal_user",
...
}
Here's the available UI roles for a LiteLLM Internal User:
Admin Roles:
proxy_admin
: admin over the platformproxy_admin_viewer
: can login, view all keys, view all spend. Cannot create/delete keys, add new users.
Internal User Roles:
internal_user
: can login, view/create/delete their own keys, view their spend. Cannot add new users.internal_user_viewer
: can login, view their own keys, view their own spend. Cannot create/delete keys, add new users.
- Share invitation link with user
- UI
- API
Copy the invitation link with the user
curl -X POST '<PROXY_BASE_URL>/invitation/new' \
-H 'Authorization: Bearer <PROXY_MASTER_KEY>' \
-H 'Content-Type: application/json' \
-D '{
"user_id": "e9d45c7c-b20b..." # 👈 USER ID FROM STEP 1
}'
Expected Response
{
"id": "a2f0918f-43b0-4770-a664-96ddd192966e",
"user_id": "e9d45c7c-b20b..",
"is_accepted": false,
"accepted_at": null,
"expires_at": "2024-06-13T00:02:16.454000Z", # 👈 VALID FOR 7d
"created_at": "2024-06-06T00:02:16.454000Z",
"created_by": "116544810872468347480",
"updated_at": "2024-06-06T00:02:16.454000Z",
"updated_by": "116544810872468347480"
}
Invitation Link:
http://0.0.0.0:4000/ui/onboarding?id=a2f0918f-43b0-4770-a664-96ddd192966e
# <YOUR_PROXY_BASE_URL>/ui/onboarding?id=<id>
Use Email Notifications to email users onboarding links
- User logs in via email + password auth
LiteLLM Enterprise: Enable SSO login
- User can now create their own keys
Allow users to View Usage, Caching Analytics
- Go to Internal Users -> +Invite User
Set their role to Admin Viewer
- this means they can only view usage, caching analytics
- Share invitation link with user
- User logs in via email + password auth
- User can now view Usage, Caching Analytics
Available Roles
Here's the available UI roles for a LiteLLM Internal User:
Admin Roles:
proxy_admin
: admin over the platformproxy_admin_viewer
: can login, view all keys, view all spend. Cannot create/delete keys, add new users.
Internal User Roles:
internal_user
: can login, view/create/delete their own keys, view their spend. Cannot add new users.internal_user_viewer
: can login, view their own keys, view their own spend. Cannot create/delete keys, add new users.
Advanced
Setting custom logout URLs
Set PROXY_LOGOUT_URL
in your .env if you want users to get redirected to a specific URL when they click logout
export PROXY_LOGOUT_URL="https://www.google.com"
Set max budget for internal users
Automatically apply budget per internal user when they sign up. By default the table will be checked every 10 minutes, for users to reset. To modify this, see this
litellm_settings:
max_internal_user_budget: 10
internal_user_budget_duration: "1mo" # reset every month
This sets a max budget of $10 USD for internal users when they sign up.
This budget only applies to personal keys created by that user - seen under Default Team
on the UI.
This budget does not apply to keys created under non-default teams.