Securing API Keys and Tenant Data Without Guesswork

How scoped keys, Firebase rules, and per-project secrets keep multi-tenant ingestion endpoints safe.

5 min read

API securitymulti-tenant SaaSkey management

Multi-tenant billing data is messy by default. We learned that the hard way when a staging API key leaked and started writing events into production accounts. Since then we’ve tightened our process so keys, auth, and Firestore rules work together without manual babysitting.

API Keys With Scope

  • Each project receives its own key limited to ingestion endpoints.
  • Keys carry metadata so we can trace requests back to specific services.
  • Rotation runs on a schedule, UsageBox issues replacements and we notify integrators automatically.

If a key is compromised, we revoke it without touching other tenants.

Identity First

Every request arrives with a Firebase token. Middleware validates it, enriches the request with tenant context, and enforces per-account rate limits. The same token gates dashboard access, so support and customers see consistent data. The metering pipeline builds on that foundation.

Firestore Rules That Actually Block Things

  • Documents live under customer-specific collections; cross-tenant reads fail by default.
  • Support roles gain read access through service accounts with limited scopes.
  • Usage events are append-only. Corrections happen through adjustments, not edits.

Network Hygiene

Cloud Run middleware handles schema validation, IP allow lists for strict customers, and rate limiting for noisy clients. We log everything to Cloud Logging so we can replay suspicious traffic if needed.

Partner Integrations

Partners receive their own key sets. We tag partner-generated usage differently so finance can reconcile commissions and attribution. Audit logs keep a trail of every call.

Rolling Out Secure Metering

  1. Configure Firebase Authentication and decide how tenants will be represented.
  2. Generate keys per project and store them in your secret manager, not in code.
  3. Review Firestore rules with both engineering and support to ensure the right access exists.
  4. Load test your ingestion endpoints with invalid payloads to confirm validation works.

The end result is dull by design: keys stay scoped, tenants stay isolated, and compliance reviews stop feeling stressful.

Key Topics

  • API security
  • multi-tenant SaaS
  • key management

Related Articles

Explore more articles on similar topics to deepen your understanding of usage-based billing.

The Fable 5 Usage-Credits Switch (July 20): the 50% Rule, the Math, and the July 17 False Alarm

Included Fable 5 access on Claude subscriptions ends July 19, 2026; from July 20 every Fable 5 token beyond the plan's i...

9 min readRead more

AI Credits Are the New Pricing Primitive: Three Cutovers in Seven Weeks (GitHub, OpenAI, Anthropic)

Between June 1 and July 20, 2026, GitHub, OpenAI, and Anthropic all moved flagship products onto credit-based metering: ...

10 min readRead more

Sonnet 5 Intro Pricing Ends August 31: The +50% Flip and the August Checklist

Claude Sonnet 5 launched June 30, 2026 at introductory pricing - $2 per million input tokens, $10 per million output, th...

8 min readRead more

Explore More Articles

Discover our complete collection of usage-based billing guides and implementation patterns.

View all articles