Hi,
We’re shipping a B2C product on the Live API where end-users talk to Gemini directly from their phones. Unlike the regular `generateContent` API where we can pre-moderate text, the Live API streams audio bidirectionally — we can’t realistically inspect each utterance before it reaches you.
Today, abuse isolation is project-level only: one bad end-user puts our whole API key at risk, and you have no way to sanction that one user without affecting the rest. OpenAI (`user`) and Anthropic (`metadata.user_id`) both expose this primitive.
Two concrete places it would help:
- `LiveConnectConfig.user_id?: string`
- `CreateAuthTokenConfig.user_id?: string` (so the ID is baked into the ephemeral token and can’t be spoofed by the client)
Thanks for considering.