Hello,
I’m writing to confirm compliance and rate-limit behavior for our intended Gemini API integration.
Integration pattern: Server-side relay/proxy. All requests egress from one (or a small set of) static server IP(s) that we control.
Authentication: Each end-user provides their own Gemini API key (created under their own Google account/project). We do not share or pool keys. Our backend only forwards requests on behalf of the user using the user’s own key.
Quota/billing: We expect quota and billing to apply to the user’s own project, not ours.
Geography: Our end-users are located in Egypt. Our service is not targeted to users in the EEA/UK/Switzerland.
Questions
1- Single egress IP: Is it acceptable for all requests (from many different user API keys) to originate from a single server IP (our proxy)?
- Do you enforce any IP-based limits or flags that could throttle/deny requests even when each user’s project/key is within its own quota?
2- Free vs. paid usage in Egypt: Are there any restrictions on using unpaid/free Gemini quotas for users in Egypt, assuming each user brings their own key—i.e., not in the EEA/UK/CH?
3- Best practices: Do you recommend any specific headers or request metadata (e.g., request IDs) to help you distinguish end-users behind our proxy and minimize false-positive abuse detection?
4- Operational considerations: If volume scales and we need higher limits, is there a preferred path (support case, program enrollment, etc.) to raise per-project quotas for our users?
5- Compliance confirmation: With the pattern above (BYO key, server-side proxy, single IP), can you confirm there is no policy violation or extra approval required on our side?
Thank you for your guidance. We’d appreciate written confirmation and any relevant documentation links.
Best regards,
Vahid yaghoubie