Backend

​

v1.7.3

​

Integrations & Providers API

• Added tags support for integrations and providers. You can now:
  • Add custom key-value tags when creating or updating integrations/providers
  • Filter integrations and providers by tags in list endpoints
  • Use tags to organize and categorize your AI provider connections

​

Observability

• Streamlined logging configuration for better observability

​

MCP OAuth Enhancements

• Token introspection endpoint now returns email and username fields for richer user context

​

JWT Authentication

• Added read and list scopes to control plane resources for JWT-authenticated requests

​

Fixes and Improvements

• Security updates to dependencies
• Added anthropic_beta parameter support in config schema
• Improved filter boundary handling in usage limits
• SCIM result index fixes

​

v1.7.2

​

Fixes and Improvements

• Security updates to dependencies

​

v1.7.1

​

Fixes and Improvements

• Made organization ID optional during SSO user provisioning for improved flexibility
• Fixed cache key validation edge cases
• Improved SCIM query parsing to handle edge cases safely

​

v1.7.0

​

Workspace Deployments

• Introduced workspace-based deployment restrictions. You can now configure gateway deployments to be accessible only from specific workspaces, enabling better multi-tenant isolation and access control
• New deployment management endpoints support workspace assignment during create and update operations

​

Policy Entities API

• Added new endpoint to retrieve entities (API keys, workspaces, users) associated with usage and rate limit policies

​

SSO Auto-Provisioning

• First-time SSO users are now automatically provisioned to the organization when they log in via OIDC or SAML
• Pending invites are automatically accepted during SSO login
• Eliminates manual user provisioning steps for SSO-enabled organizations

​

Workspace Budget Auto-Reactivation

• Exhausted workspace budgets now automatically reactivate when the credit limit is increased
• No manual intervention required to resume operations after increasing budget limits

​

Custom API Key Periodic Reset

• Configure custom periodic reset schedules for API key usage beyond the standard weekly/monthly options
• Set specific reset intervals that align with your billing or usage tracking requirements

​

JWT Workspace Guardrails Fix

• Fixed: Workspace-level input and output guardrails configured in the dashboard are now correctly applied when using JWT authentication
• Previously, these guardrails were only enforced when using workspace API keys

​

New Providers

• Added Oracle Cloud Infrastructure (OCI) Generative AI as a supported provider

​

Private Deployment Pricing

• Self-hosted deployments can now access model pricing configurations for accurate cost tracking
• Data Source Priority: Memory Cache (1hr TTL) → Proxy Service → Log Store → Local Files

• Proxy Service: Set MODEL_CONFIGS_PROXY_FETCH_ENABLED=ON and MODEL_CONFIGS_PROXY_URL. Fetches from {PROXY_URL}/general/{provider} and {PROXY_URL}/pricing/{provider}
• Log Store: Set MODEL_CONFIGS_PRICING_LOG_STORE_PATH and MODEL_CONFIGS_CAPABILITIES_LOG_STORE_PATH.
• Local Files: Set MODEL_CONFIGS_CAPABILITIES_LOCAL_PATH and MODEL_CONFIGS_PRICING_LOCAL_PATH. Falls back to local configs in the image if not set

​

Fixes and Improvements

• Analytics timezone grouping improvements
• Improved error messages for configuration validation (AB01 errors)
• Added service identifier to health check response
• Conditional Redis worker initialization for improved startup performance

​

v1.6.2

​

API Key Expiry

• Expired API keys are now automatically marked as expired by a background worker process
• Ensures consistent key state management without manual intervention

​

MySQL SSL Modes

• Added support for external MySQL SSL connection modes via the DB_SSL environment variable

​

Fixes and Improvements

• Fixed scopes validation for API key authentication
• Fixed authorization query filter edge cases
• Workspace usage reset migration improvements

​

v1.6.1

​

New Providers & Plugins

• Added new plugin providers: Javelin, Qualifire, and Walled

​

Guardrails Updates

• Added new request params check guardrail schema
• Configuration
  • tools — Controls which tools can be used in requests:
    • blockedTypes / allowedTypes — Filter by tool type
    • blockedFunctionNames / allowedFunctionNames — Filter by function name
  • params — Controls request-level parameters:
    • blockedKeys / allowedKeys — Filter by parameter key
    • values — Per-key value constraints with blockedValues / allowedValues

{
  "tools": {
    "blockedTypes": ["code_interpreter"],
    "allowedTypes": ["function"],
    "blockedFunctionNames": ["delete_all", "drop_database"],
    "allowedFunctionNames": ["get_weather", "search", "calculate"]
  },
  "params": {
    "blockedKeys": ["system", "seed"],
    "allowedKeys": ["model", "messages", "temperature", "max_tokens", "tools"],
    "values": {
      "model": {
        "blockedValues": ["gpt-4-32k"],
        "allowedValues": ["gpt-4o", "gpt-4o-mini", "gpt-3.5-turbo"]
      },
      "temperature": {
        "allowedValues": [0, 0.5, 1]
      }
    }
  }
}

​

Analytics & Metrics

• Updated aggregate metrics to send total tokens for /spans endpoint

​

Workspace Access Control

• Implemented workspace manager role restriction for adding users with higher privileges

​

Fixes and Improvements

• Made SCIM group parsing more robust to use lowercase role
• Simplified log exports for Hybrid deployments
• Security updates to dependencies.

​

v1.6.0

​

SCIM Group Workspace Mapping

• Introduced flexible group-to-workspace mapping, allowing you to provision groups from your identity provider (Okta or Azure Entra) with any naming convention and map them to Portkey workspaces and roles directly from the Portkey Control Plane
• Documentation

​

Fixes and Improvements

• Fixed an issue where archived usage limit policies were not being skipped during processing
• Fixed non-streaming playground request errors caused by header conflicts
• Added support for aws_region parameter in Bedrock integration for serviceRole auth type.

​

v1.5.1

​

Improvements

• Added support to read logs based on the path format identifier released in Gateway v1.17.0
• Added backend dependencies for the new F5 Guardrails
• Fixed an issue where workspace-created integrations were not being cleaned up when a workspace was deleted

​

v1.5.0

​

Usage and Rate Limit Policy

• Introduced usage limits and rate limit policy APIs, which allow organizations to apply flexible budget and rate limit controls based on dynamic conditions (API keys, metadata, workspace, etc.).
• More details: Documentation and API Reference

​

DB Migrations

• Added new column in ClickHouse to store the log object path format identifier

​

v1.4.0

​

Security Patch

• Removed root user from container image (BREAKING CHANGE). The container image used by this chart no longer runs as root. The image now runs processes with a non-root UID and enforces a non-root container securityContext. Requires Helm repo upgrade (>app-1.4.0) to deploy the new image and chart settings.

​

Customizable Email Templates

• Added new environment variable to enable customization of branding elements (logo, company name, support email, docs URL) and template paths.

​

Deployment Configurations

• Added deployment management endpoints (create, list, get, update) to configure gateway deployments on the control plane

​

v1.3.3

​

Fixes and Improvements

• Added deduplication logic for default workspace guardrails to avoid duplicate guardrail slug entries
• Minor enhancements to return more details in the list traces API
• Updated JWT Guardrail schema to support new parameters added in the latest Gateway build
• Fixed edge cases where workspace slugs were not handled for integrations API
• Updated internal dependencies to patch security vulnerabilities

​

v1.3.2

​

Workspace Grouped Analytics API

• Introduced a new API that aggregates and returns analytics data grouped by workspace, with support for multi-dimensional grouping and cost-based filtering.

​

Multi-Organization SSO Support

• Added enhancements to allow users to authenticate via SSO across multiple organizations

​

Fixes and Improvements

• Added mcp.invoke permission for workspace API keys
• Fixed an issue where prompt version label mapping was not being cleaned up when a label was deleted
• Streamlined slug and name validations across providers and integrations APIs. Both slug and name can now have a maximum length of 255 characters
• Fixed edge cases where workspace slugs were not handled for integrations API

​

v1.3.1

​

Guardrails Schema Updates

• Updated schema to support the following two new guardrails:
  • Add Prefix: Add a configurable prefix to the user’s input before sending to the model
  • Allowed Request Types: Control which request types (endpoints) can be processed. Use either an allowlist or blocklist approach

​

v1.3.0

​

MCP Preview Release

• Added MCP management APIs and OAuth support

​

Organization and Workspace Security Settings

• Introduced Configs Security Settings to control configs view and edit access for member and manager roles
• Introduced workspace-level user API key limits to restrict the maximum number of user API keys per workspace
• Added user API key expiry settings with configurable default and maximum expiry durations

​

SCIM Enhancements

• Introduced a new setting (SCIM Provisioning for Organization Management) to allow organization user management only through SCIM while enabling workspace user management via Portkey

​

API Key Management API Enhancements

• Updated the list api-keys response to not return raw keys for other user API keys
• Fixed issues with pagination total count and made the logic more robust to handle created_at conflicts
• Enhanced the current_usage field in the usage_limits object to show fractions for more accurate tracking

​

Workspace Management API Enhancements

• Added workspace budget reset functionality with periodic reset options in the update workspaces API
• Added strict workspace name filter in the list workspaces API for improved search accuracy
• Fixed workspace API keys cache invalidation when budget exhausts
• Made workspace budgets periodic reset field nullable for flexibility

​

AWS Bedrock Enhancements

• Added AWS service authentication as a new auth type for Bedrock integrations

​

Fixes and Improvements

• Streamlined the Model Catalog APIs to accept slugs in URLs for all eligible endpoints
• Fixed pagination bug in the list users API (/admin/users)
• Made the inference component field optional for AWs Sagemaker Integrations
• Added a setting to disable the Getting Started page
• Improved error handling when a user is already part of an organisation during invite join attempts
• Added strict validations for rate_limits and usage_limits across api-keys, providers, integrations, and workspaces for data consistency
• Added JWT errors to audit logs for better security tracking
• Fixed integration global_workspace_access_settings rate limits to map correctly