When you expose LLM functionality directly to the frontend, you need robust controls to prevent abuse and manage costs. Nuabase provides these controls out of the box.

User Identity

Every request made via the Frontend SDK is tied to a specific User ID. This ID is embedded in the signed JWT token you generate on your backend.

# The 'user_id' here is the key to all rate limiting and budgeting
Nuabase::NuaTokenGenerator.new(
  signing_key_secret: secret,
  user_id: 'user_123'
)

This means Nuabase knows exactly who is making the request, not just which API key is being used.

Budgets & Quotas

You can define budgets at the user level.
  • Dollar Limit: “Max $5.00 per month per user”.
  • Token Limit: “Max 1M tokens per day”.
If a user exceeds their quota, Nuabase rejects their requests with a 429 Too Many Requests error, protecting your credit card from runaway costs.

Rate Limiting

You can also enforce rate limits to prevent rapid-fire requests (e.g., a script trying to scrape your API).
  • “Max 10 requests per minute”.
  • “Max 100 requests per hour”.
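
The User Identity and Rate Limiting sections fit together because the limit is keyed on a user ID the client cannot alter. The following added example (not Nuabase's code) sketches that pattern: verify the token signature first, then count requests per verified user. The HS256 token layout, the helper names and the 401 status are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Assumptions (not Nuabase's code): HS256 JWT with a "user_id" claim; the 401
# for a bad token is chosen here, the page only documents 429. No "exp" check.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def sign_token(secret, claims)
  signed = [{ alg: 'HS256', typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{signed}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signed))}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Returns the user_id only when the signature verifies. The algorithm is fixed
# to HS256 and the header's "alg" is ignored, so a token cannot pick its own.
def verified_user_id(secret, token)
  parts = token.to_s.split('.')
  return nil unless parts.size == 3
  head, body, sig = parts
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  return nil unless secure_eq?(expected, sig)
  padded = body.tr('-_', '+/') + '=' * (-body.length % 4)
  JSON.parse(padded.unpack1('m'))['user_id']
rescue JSON::ParserError
  nil
end

# Sliding-window limit keyed on the verified user_id, e.g. 10 per 60 seconds.
class UserRateLimiter
  def initialize(max:, window:)
    @max, @window = max, window
    @hits = Hash.new { |h, k| h[k] = [] }
  end

  def status_for(user_id, now)
    return 401 if user_id.nil? # unsigned or tampered token
    hits = @hits[user_id]
    hits.reject! { |t| t <= now - @window }
    return 429 if hits.size >= @max
    hits << now
    200
  end
end
```

Calling `status_for(verified_user_id(secret, token), Time.now.to_i)` on each request returns 200 for the first ten calls inside a minute and 429 after that. A token whose payload was edited after signing fails verification and is answered with 401 before it can touch any user's counter.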

Strict Output Validation

Security isn’t just about costs; it’s also about data integrity. Nuabase enforces your Zod schema strictly.
  • If the LLM returns a string where a number is expected, Nuabase catches it.
  • If the LLM hallucinates a field that isn’t in your schema, it is stripped out.
  • Your frontend code never receives malformed data that could crash your UI.

Dynamic Limits

In the Nuabase Console, you can set different limits for different segments of users (e.g., “Free Tier” vs “Pro Tier”) by assigning them to different groups or policies.