Frequently Asked Questions
Everything you need to know about Behest AI, the AI Backend as a Service. Can't find your answer? Contact us.
Product
What Behest AI is and how it works.
What is Behest AI?
Behest AI is an AI Backend as a Service. It provides everything between your app and your LLM in one API call — authentication, CORS handling, conversation memory, PII scrubbing, prompt injection defense, rate limiting, token budgets, and full observability. You focus on building your app; Behest handles the AI backend.
What is an AI Backend as a Service?
An AI Backend as a Service is the complete infrastructure layer between your application and your LLM provider, managed as a service. Instead of building and maintaining authentication, CORS proxies, PII protection, rate limiting, conversation memory, and observability yourself, you get all of it out of the box with a single API integration. Enterprise customers can self-host Behest in their own cloud for full data residency control.
How do I add AI to my web app without building a backend?
Point your frontend directly at your Behest project URL. Behest handles CORS natively, so your browser-based app can call the AI API without a backend proxy. Sign up at behest.ai/dashboard, create a project, configure your allowed origins, and make standard fetch calls from your React, Vue, Svelte, or vanilla JS frontend. No server code required.
How long does it take to set up Behest AI?
Hours, not months. Sign up at behest.ai/dashboard, create a project, copy your API key, and point your frontend at your project URL. The entire AI backend — auth, CORS, PII scrubbing, prompt defense, rate limiting, memory, and observability — is live immediately. Compare that to months of engineering to build the same stack yourself.
Does Behest require an SDK?
No. Behest uses an OpenAI-compatible REST API. Any HTTP client works — fetch, axios, requests, curl, or any language that can make HTTP POST requests. There is no proprietary SDK to learn or maintain. If you can call a REST endpoint, you can use Behest.
Is Behest AI OpenAI-compatible?
Yes. Behest exposes the standard POST /v1/chat/completions endpoint with the same request and response format as OpenAI. You send a model name and a messages array, and receive choices with message content. Existing code that calls OpenAI can switch to Behest by changing the base URL and API key.
Technical
Architecture, integrations, and implementation details.
How do I call an LLM API from my browser?
Most LLM providers (OpenAI, Anthropic, Google) block browser requests because they do not support CORS. Behest solves this with per-project CORS configuration. Set your allowed origins in the Behest dashboard, and your frontend JavaScript can call the Behest API directly — no backend proxy needed. Behest handles preflight responses, credentials, and origin validation automatically.
What LLM models does Behest support?
Behest currently supports Google Gemini models, including Gemini 2.5 Flash and Gemini 2.5 Pro. Multi-provider smart routing across OpenAI, Anthropic, Mistral, and other providers is on the roadmap. You can track progress on our public roadmap at behest.ai/roadmap.
What is the Behest API format?
Behest uses the OpenAI-compatible API format. Send a POST request to /v1/chat/completions with an Authorization bearer token, a model name (e.g., gemini-2.5-flash), and a messages array. The response includes choices with message content, finish reason, and token usage statistics. Rate limit headers are included on every response.
Can I self-host Behest?
Yes — on the Enterprise plan. Behest offers self-hosted deployment in your own cloud infrastructure. We provide Helm charts for Kubernetes (GKE Autopilot recommended), Docker Compose for local development, and ArgoCD support for GitOps workflows. With self-hosting, your data never leaves your infrastructure — the entire backend runs in your cloud. Free, Pro, and Business plans run on Behest-managed infrastructure.
How does Behest handle conversation memory?
Behest stores conversation history per-user, per-session in Redis. You can configure the memory window from 0 to 100 message pairs. Memory is automatically injected into the LLM context, trimmed when it exceeds the window size, and can be cleared via API. Users pick up conversations where they left off without your app managing any state.
Can I bring my own LLM API keys?
Bring Your Own Keys is coming soon. Currently, Behest is powered by Google Gemini and handles LLM billing through the platform. Once BYO Keys launches, you will be able to use your own OpenAI, Anthropic, Mistral, or other provider API keys and route requests through your existing accounts. Check our roadmap at behest.ai/roadmap for updates.
Security
PII protection, prompt injection defense, and data security.
How does Behest handle PII?
Behest includes PII Shield, powered by Microsoft Presidio. It operates in three modes: disabled, shadow (log but allow), and enforce (actively protect). In enforce mode, you choose from three actions: mask (reversible tokenization), redact (permanent removal), or block (reject the request entirely). PII is detected using named entity recognition and regex patterns before it ever reaches the LLM.
How do I protect my app from prompt injection?
Behest includes Sentinel, an automatic prompt injection defense system. It uses multiple detection patterns to identify common jailbreak techniques, plus custom blocklists per project. Sentinel operates in three modes: disabled, shadow (log detected attacks), and enforce (block malicious prompts). All detection happens before the request reaches the LLM.
Is my data secure with Behest?
Yes. API keys are hashed with Argon2id, JWTs use RS256 signing, and tenant isolation ensures one customer's data is never accessible to another. PII Shield can scrub sensitive data before it reaches the LLM, and kill switches provide instant emergency shutdown at global, tenant, or project level. Enterprise customers can self-host Behest in their own cloud infrastructure so data never leaves their environment.
How does Behest handle rate limiting?
Behest enforces three tiers of rate limiting: configurable per-IP rate limiting (safety net), per-project (configurable from 1 to 10,000 requests per minute), and per-user (derived from project limits). Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) are included on every response so your app can handle limits gracefully.
Pricing
Business model, free trial, and cost structure.
How much does Behest cost?
Behest is a SaaS license — not a token markup business. You pay for the platform, not a per-token surcharge on LLM calls. A free trial is available with no credit card required. Contact our sales team for pricing details on pro and enterprise tiers.
Is there a free trial?
Yes. Sign up at behest.ai/dashboard to start a free trial with no credit card required. You get access to the full platform — auth, CORS, PII Shield, Sentinel, memory, rate limiting, and observability — so you can evaluate Behest with your actual use case before committing.
What is Behest's business model?
Behest operates on a SaaS license model. You pay for the platform, not a markup on LLM tokens. You can bring your own LLM API keys (coming soon) or use models through Behest with pass-through billing. This means your AI costs stay predictable and transparent — Behest earns from the backend service, not from inflating your token spend.
Comparisons
How Behest compares to alternatives.
How does Behest compare to Portkey?
Portkey is an AI gateway — it routes and observes LLM traffic. Behest is an AI backend — it operates the full stack between your app and the LLM. Behest includes auth, CORS, conversation memory, PII scrubbing, prompt injection defense, rate limiting, token budgets, and observability. Portkey provides routing, caching, and monitoring. If you need a complete AI backend, not just a gateway, Behest is the more comprehensive solution.
How does Behest compare to Helicone?
Helicone is an observability platform — it logs, monitors, and analyzes your LLM usage. Behest operates the entire AI backend: auth, CORS, memory, PII protection, prompt defense, rate limiting, and observability. Helicone watches your traffic; Behest runs it. If you need observability alone, Helicone is focused. If you need the full backend, Behest includes observability and everything else.
What is the difference between an AI gateway and an AI backend?
An AI gateway sits in front of your LLM and watches traffic — routing, logging, and caching requests. An AI backend operates the full infrastructure: authentication, CORS handling, conversation memory, PII scrubbing, prompt injection defense, rate limiting, token budgets, and observability. A gateway observes; a backend operates. Behest is an AI backend.
Should I build or buy my AI backend?
Building your own AI backend means months of engineering: authentication, CORS proxy, PII detection, prompt injection defense, conversation memory, rate limiting, token tracking, and observability. Each component requires ongoing maintenance and security updates. Behest deploys in hours and includes all of these features out of the box, with self-hosted deployment available on the Enterprise plan. Most teams find the build-vs-buy math strongly favors buying.
How does Behest compare to using OpenAI directly?
OpenAI provides the language model. Behest provides everything between your app and the model: CORS handling so you can call from the browser, multi-tenant authentication, conversation memory, PII scrubbing, prompt injection defense, three-tier rate limiting, token budgets, and full observability. Using OpenAI directly means building all of that yourself. Behest gives you the complete AI backend so you can focus on your app.