In plain English
Portkey is an AI gateway: a single layer that sits between your application and every model provider you call — OpenAI, Anthropic, Google, your own self-hosted models — and turns the messy job of running LLMs in production into something you can see, control, and govern from one place. Your code makes one kind of request; Portkey routes it to the right model, logs what happened, enforces your rules, and tracks the cost.
If you have read what an LLM gateway is, Portkey is a full-featured example of one. The plain gateway idea is "one front door for all model providers." Portkey takes that front door and bolts on the things a team needs once real traffic and real money are involved: dashboards, guardrails, budgets, and policy.
Think of an airport control tower. Each plane (an LLM request) could in theory just take off and land on its own, but at a busy airport that is chaos. The tower gives every plane one place to call, decides which runway it uses, reroutes it when one runway is closed, records every movement, and stops anything dangerous from taking off. Portkey is that control tower for your LLM traffic: the planes still fly themselves, but nothing happens without passing through one coordinated, observable point.
Why it matters
A prototype that calls one model from one file is easy. The pain starts when an app becomes a product: many teams, many models, real users, and a bill that someone has to answer for. Those are exactly the problems Portkey is built to absorb.
- No single view of what's happening. When LLM calls are scattered across services, nobody can answer "what did we send, what came back, how long did it take, and what did it cost?" Portkey logs every request and response in one place, so debugging and auditing become possible at all.
- Providers fail, and you can't. APIs return rate-limit errors, time out, or have an outage. Without a gateway, each app has to write its own retry-and-fallback code. Portkey centralizes routing, retries, and fallbacks so one provider going down doesn't take your product down.
- Cost runs away quietly. A loop that re-asks the same question, or a team that quietly switches to an expensive model, can multiply a bill overnight. A gateway can cache repeats, attach a budget to each key, and show spend per team or feature before the invoice does.
- Safety can't live in every app. You don't want each service re-implementing its own checks for prompt injection, leaked secrets, or PII. A gateway lets you apply guardrails once, in the middle, where every request already passes through.
- Governance is a real requirement. In a company, someone needs to manage keys, decide who may call which model, and prove compliance. Doing that per-app doesn't scale; doing it at the gateway does.
Who cares about this? Mostly the people running LLMs in production — platform and LLMOps teams — rather than someone building a weekend demo. The value of Portkey grows with the number of apps, models, and people involved. One script calling one model rarely needs it; a company with a dozen services and several providers almost always does.
How it works
Mechanically, Portkey is an HTTP service that your app sends requests to instead of calling each provider directly. You change the base URL your client points at (and add a Portkey key plus a small config); the request body stays in a familiar, OpenAI-style shape. Portkey receives the call, applies your configured behavior, forwards it to the real provider, and streams the answer back — adding logging, routing, caching, and guardrails along the way.
The unified API
The foundation is a single, consistent request format that works across providers. Your code speaks one dialect; Portkey translates it to whatever the target model expects. That means switching from one model to another is a config change, not a code rewrite — and your app doesn't need a different SDK for every vendor.
Four jobs it does in the middle
Everything Portkey adds happens while the request is passing through, driven by a config you control without touching app code:
- Routing and fallbacks. Pick the target model, retry on transient errors, and fall back to a backup model or provider if the first choice fails. You can also load-balance across several keys or providers.
- Observability. Record each request and response, its latency, token counts, and cost, and attach metadata (which user, team, or feature) so you can slice the logs later.
- Guardrails. Run checks on the input and output — for example, blocking PII or obvious injection attempts, or validating that the output matches a required shape — and decide whether to allow, block, or flag the request.
- Governance and cost control. Manage virtual keys, set budgets and rate limits per key or team, and enforce who is allowed to use which model.
from openai import OpenAI
# Same OpenAI-style client — only the base URL and headers change.
# The gateway then routes, logs, and guards the call for you.
client = OpenAI(
base_url="https://api.portkey.ai/v1",
api_key="PORTKEY_API_KEY",
default_headers={
# Tells the gateway which provider/config to use for this call.
"x-portkey-config": "my-config-id",
},
)
resp = client.chat.completions.create(
model="gpt-4o-mini", # swap the target model via config, not code
messages=[{"role": "user", "content": "Summarize our refund policy."}],
)
print(resp.choices[0].message.content)Portkey vs LiteLLM: managed control plane vs self-hosted proxy
The most common comparison is Portkey vs LiteLLM, because both put one API in front of many providers. The honest difference is one of scope and ownership. LiteLLM is, at its core, a self-hosted proxy and library you run and operate yourself — lean, code-first, and very flexible. Portkey is a broader managed control plane that layers a hosted dashboard, guardrails, and governance on top of the routing — though, as of March 2026, its gateway is open-source too, so you can self-host it or use the cloud.
- Gateway + hosted control plane
- Built-in dashboards & analytics
- Guardrails and governance included
- Cloud, or self-host the open gateway
- Leans toward teams & policy
- Self-hosted proxy & Python library
- You wire up your own dashboards
- Lighter, code-first surface
- You run and operate the server
- Leans toward developer control
Neither is simply "better." If you want maximum control, minimal dependencies, and you're comfortable operating the proxy yourself, a tool like LiteLLM fits. If you want observability, guardrails, and team governance out of the box without assembling them, Portkey fits. Both deliver the underlying gateway benefit — see what an LLM gateway is for the shared foundation, and model routing and provider failover for the mechanics they both implement.
When to reach for Portkey (and when not to)
A gateway like Portkey earns its keep with scale and shared ownership, and adds friction when neither is present. A rough guide:
| Situation | Worth a gateway like Portkey? |
|---|---|
| One script, one model, one developer | Usually no — direct calls are simpler |
| Several apps calling several providers | Yes — one front door avoids duplicated routing code |
| You need provider failover and retries | Yes — centralize it once instead of per app |
| Finance asks "what are we spending and where?" | Yes — per-key, per-team cost tracking is the point |
| Multiple teams sharing model access | Yes — virtual keys, budgets, and policy live here |
| You must apply safety checks everywhere | Yes — guardrails in the middle cover every call |
| Lowest possible latency, no extra hops | Be careful — a gateway adds a network hop |
Going deeper
Once the basics click, a few nuances separate a toy setup from a production one.
Self-host vs cloud is a real decision, not a checkbox. Running the open-source gateway yourself keeps your traffic and logs inside your own network — often required for privacy or compliance — but now you own its uptime, scaling, and upgrades. The managed cloud removes that operational load but routes your requests through a third party. The trade is the usual one between control and convenience; see self-host vs API cost for how that math tends to go.
The gateway is now on your critical path. Every LLM call depends on it, so its own reliability becomes your app's reliability. That means health checks, sensible timeouts, and ideally a way to degrade gracefully if the gateway itself is unreachable. A control plane that's down is worse than no control plane — plan for it the way you would any other production dependency.
Caching changes correctness, not just cost. Returning a cached answer for a repeated prompt saves money and latency, but a stale cached answer can be wrong if the underlying facts changed. Decide deliberately what is safe to cache and for how long, rather than caching everything by default.
Guardrails are a safety net, not a guarantee. A gateway-level check for injection or PII reduces risk but never removes it — treat retrieved or user-supplied text as untrusted regardless. Guardrails at the gateway complement, not replace, careful prompt design and per-app validation.
It smooths model migrations. Because the unified API decouples your code from any one provider, swapping models — when one is deprecated, or a cheaper one appears — becomes a config change at the gateway instead of edits across every service. That is one of the quieter but most durable wins; see model deprecation and migration for why that decoupling pays off over time.
FAQ
What is Portkey used for?
Portkey is an AI gateway used to route, observe, and govern production LLM traffic from one place. Teams use it to give every model provider a single API, log and cost-track every request, fall back to a backup model when one fails, and apply guardrails and budgets across many apps without changing each app's code.
Is Portkey open source?
Its gateway was open-sourced in March 2026, so you can self-host it as well as use the managed cloud. Self-hosting keeps traffic and logs inside your own network at the cost of operating the service yourself; the cloud removes that operational work but routes requests through a third party.
What's the difference between Portkey and LiteLLM?
Both put one API in front of many providers. LiteLLM is at heart a lean, self-hosted proxy and library that you run and customize yourself. Portkey is a broader control plane that adds a hosted dashboard, guardrails, and team governance on top of routing — though its gateway can now also be self-hosted. Pick LiteLLM for maximum developer control, Portkey for batteries-included observability and governance.
Does an AI gateway like Portkey add latency?
Yes, a little. Because the gateway sits on the request path, each call makes one extra network hop before reaching the provider. In exchange you get centralized routing, logging, caching, and guardrails. For most production apps the added latency is small relative to model generation time, but it's a real trade-off to measure.
Do I need an AI gateway for a small project?
Usually not. If you have one app calling one model, direct API calls are simpler and have one less moving part. A gateway earns its place once you have multiple apps, multiple providers, shared cost tracking, failover needs, or governance requirements across a team.