Dashboard Guide

ℹ️ This UI walkthrough is still accurate. The code examples may reference the v1.x BehestClient; see the v1.5 quickstarts (React + Vite, Next.js) for the current SDK shape.

The Behest dashboard is the control plane for your AI backend. This guide covers every workflow: signing in, managing projects, configuring guardrails, handling API keys and provider keys, deploying changes, and viewing usage.

Signing In

Navigate to behest.ai and click Sign In or Get Started.

Behest supports three authentication methods:

No password is required. No credit card is required for the free tier.

After authentication, you land in the Behest dashboard. If this is your first time, you will see an empty state with a prompt to create your first project.

Magic link tips

• Check your spam folder if the email does not arrive within 30 seconds.
• Magic link emails expire after 10 minutes. Request a new one if needed.
• Your email client may show a "This link requires a redirect" warning — this is expected. Click through to complete sign-in.

Returning users

If you sign up with Google and then try to sign in with your email address, or vice versa, Behest recognizes the same email and links your sessions automatically.

Tenants

A tenant is the top-level account that owns projects, API keys, and provider keys. When you sign up, Behest creates a tenant for you automatically.

The tenant ID is visible in the dashboard URL and in API responses. You will see it as X-Tenant-Id in request headers and as the tid claim in JWTs.

Creating and Managing Projects

Creating a project

1. On the Projects page, click Create Project.
2. Enter a project name (e.g., "my-app", "customer-chatbot", "internal-tool").
3. Click Create.

Behest generates a unique slug (short, URL-safe identifier) from your project name. The slug is used in routing: requests that include X-Project-Slug: your-slug are routed to this project's configuration.

Two FQDNs are provisioned asynchronously:

• {slug}.dev.internal.behest.ai — for development
• {slug}.prod.internal.behest.ai — for production

DNS provisioning runs in the background. The project is usable via the main API gateway (https://api.behest.app/v1) immediately — you do not need to wait for DNS.

Free tier limit: Up to 3 projects. Upgrade to Pro for unlimited projects.

Viewing your projects

The Projects page lists all projects with their slug, status, and creation date. Click a project to open its settings.

Project status values:

• Active — project is running and accepting requests
• Suspended — project has been suspended (automatic on budget/limit violation, or manual)
• Pending — DNS provisioning is still running

Deleting a project

From the project settings page, scroll to the Danger Zone section and click Delete Project. This is irreversible — API keys, settings, and Redis configuration are deleted.

Project Settings

Every project has configurable settings. Navigate to a project and select the appropriate settings tab.

System Prompt

The system prompt is prepended to every request routed through this project. Set it once here rather than including it in every API call.

Example:

You are a helpful customer support assistant for Acme Corp.
Reply in a friendly, professional tone. Keep responses under 200 words.

The system prompt is stored in the database and synced to Redis on deploy. Maximum 32,000 characters.

Model Selection

Select the LLM model for this project. The available models depend on which provider keys you have configured (see Provider Key Management).

The platform default is gemini-2.5-flash — this works without any BYOK configuration. To use GPT-4o, Claude, or other models, add the corresponding provider key first.

After selecting a model, click Save and then Deploy. The model change takes effect within 30 seconds.

Rate Limits

Setting a tokens_per_day value creates a soft token budget. When the budget is exceeded, requests return 429 BEHEST_BUDGET_EXCEEDED until the next billing period.

Memory Window

The memory_window setting controls how many messages of conversation history are retained in the context for memory-enabled projects. Range: 0–500 messages.

CORS Origins

Restrict which browser origins can call your project's API endpoint. Enter the full origin (scheme + host, no trailing slash):

https://your-app.com
https://staging.your-app.com

Use * to allow all origins (development only — not recommended for production).

CORS wildcard + credentials is not allowed by the HTTP spec. Do not set * and cors_allow_credentials: true simultaneously.

Guardrails

Configure PII Shield and Sentinel here. See the Guardrails guide for full documentation.

Deploying Changes

Behest uses a draft and deploy model. Configuration changes are saved as drafts until you explicitly deploy them.

Why: guardrail changes, model changes, and system prompt updates are potentially impactful. Deploying as a deliberate step prevents accidental changes from affecting live traffic.

How to deploy

1. Make your changes in the project settings (model, guardrails, CORS, system prompt, etc.).
2. Click Save to store the draft.
3. Click Deploy to push all settings to the Redis cache and activate them at the Kong gateway.

Changes take effect within 30 seconds — that is the Redis cache TTL at the gateway.

What gets deployed

The deploy step writes these Redis keys for your project:

config:{projectId}:provider_model      — selected LLM model
config:{projectId}:system_prompt       — system prompt text
config:{projectId}:pii_mode            — PII Shield mode
config:{projectId}:pii_entities        — entity-action map
config:{projectId}:sentinel_mode       — Sentinel mode
config:{projectId}:sentinel_blocklist  — custom blocklist terms
config:{projectId}:rpm_limit           — rate limit
config:{projectId}:tokens_per_day      — token budget

API Key Management

API keys are the credentials your applications use to authenticate with Behest.

Creating an API key

1. Navigate to your project.
2. Open the API Keys tab (or go to the project's settings page).
3. Click Create API Key.
4. Give the key a descriptive name (e.g., "production-server", "dev-testing").
5. Copy the key immediately — it is shown once and cannot be retrieved again. Behest stores only an Argon2id hash.

API key format

API keys look like: bh_live_abcdefgh... (40+ characters).

The bh_live_ prefix identifies it as a Behest API key. Test and development key separation (e.g., bh_test_) is planned for a future release.

Using your API key

Include the key as a Bearer token in the Authorization header:

Authorization: Bearer bh_live_YOUR_API_KEY

The SDK handles this automatically:

const client = new BehestClient({ apiKey: "bh_live_..." });

Rotating an API key

To rotate a key:

1. Create a new API key.
2. Update all services and applications that use the old key.
3. Delete the old key from the API Keys page.

Keys do not expire automatically. Revoke them promptly if compromised.

Revoking an API key

From the API Keys page, click the trash icon next to the key you want to revoke. Deletion is immediate — any request using that key will receive 401 from that moment on.

Provider Key Management (BYOK)

Provider keys are your API keys for LLM providers (OpenAI, Anthropic, Google, etc.). Behest encrypts them and uses them on your behalf when routing requests.

Provider keys are tenant-level — they apply to all projects under your account. This means you configure each provider key once, and all your projects can use models from that provider.

Adding a provider key

1. Navigate to Settings > Providers in the dashboard sidebar.
2. Click Add Provider for the provider you want to configure.
3. Select the provider (OpenAI, Anthropic, Google, Mistral, Cohere, OpenRouter).
4. Paste your provider API key.
5. Click Save. Behest validates the key format and stores it encrypted.

The key is encrypted at rest using AES-256-GCM. The plaintext key exists only for the duration of a single request, in memory, and is never logged.

Supported providers

Updating a provider key

Click Edit next to the provider on the Settings > Providers page. Enter the new key and save. The encrypted key in Redis is updated immediately.

Removing a provider key

Click Remove next to the provider. Any project configured to use models from that provider will stop working until a new key is added or the project model is changed to a different provider.

Viewing Analytics and Usage

The Analytics page shows usage metrics for your projects.

Current analytics include:

• Request counts over time
• Error rates by error type
• Token usage (prompt tokens, completion tokens, total)

Guardrail events

Navigate to your project's Logs page to see recent guardrail detections and blocks. The events feed shows:

• PII detections (entity types found, mode, action taken)
• Sentinel matches (jailbreak patterns, blocklist hits, mode, action taken)
• The request_id for each event (for support correlation)

Usage limits

Your current plan's limits are visible in the Billing section. Usage approaching a limit triggers a warning at 80% consumption.

Team Management

Multi-user team management with RBAC (roles, invite by email, audit log) is planned for Phase 3. Currently, each Behest account is single-user.

To share access with a teammate today, the workaround is to share login credentials — this is not recommended for production environments. Enterprise accounts can contact support for a temporary solution while team features are in development.

Dashboard Navigation Reference