Hi everyone,
We’re seeing a sudden spike in Gemini API billing, even though our application usage and traffic patterns have not changed. No new deployments or feature updates were made during this period.
We’ve already rotated our API keys and reviewed usage in Cloud Billing and AI Studio, but we’re still trying to understand the source of the increased token usage.
Has anyone experienced something similar? Is there a way to attribute Gemini API usage to specific IPs, devices, or service accounts for deeper auditing?
Any guidance would be appreciated. Thanks!
Warning: I am low skilled in this area … proceed with caution.
I was reading about “request / response” logging for Generative AI API calls in Vertex … see:
It feels like if one enables this feature, one can then collect records in BigQuery corresponding to your usage of Gemini. This will create a history of ALL the requests and responses made. From this data, you will be able to find your token usage and monitor how many requests are being processed and their corresponding token consumption. Over time, you can then spot changes in consumption and determine how your consumption is being used.
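Added example (mine, not code from the thread or from Google): once those request/response records are exported, a pass like the one below turns them into the per-day view the post describes. It assumes each exported row has been reduced to a dict with a day, a caller label taken from your own gateway or proxy logs, the HTTP status, and the usageMetadata.totalTokenCount field a generateContent response reports; the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records (not real data). Each mimics what a Gemini
# generateContent response reports in usageMetadata, plus the HTTP status and a
# caller label that is assumed to come from your own gateway or proxy logs.
def rec(day, caller, status, total=0):
    return {"day": day, "caller": caller, "status": status,
            "usageMetadata": {"totalTokenCount": total}}

SAMPLE_LOGS = [
    rec("2025-01-01", "svc-app", 200, 200), rec("2025-01-01", "svc-app", 200, 300),
    rec("2025-01-02", "svc-app", 200, 250), rec("2025-01-02", "svc-app", 200, 250),
    rec("2025-01-03", "svc-app", 200, 600),
    rec("2025-01-04", "svc-app", 200, 300),
    rec("2025-01-04", "unknown", 200, 2000), rec("2025-01-04", "unknown", 200, 1500),
] + [rec("2025-01-04", "unknown", 429) for _ in range(4)]

def summarize(records):
    """Per-day totals: successful calls, 429s and billable tokens per caller."""
    days = defaultdict(lambda: {"ok": 0, "rate_limited": 0, "tokens": 0,
                                "by_caller": defaultdict(int)})
    for r in records:
        d = days[r["day"]]
        if r["status"] == 429:          # rejected calls consume no billable tokens
            d["rate_limited"] += 1
        elif r["status"] == 200:
            tokens = r.get("usageMetadata", {}).get("totalTokenCount", 0)
            d["ok"] += 1
            d["tokens"] += tokens
            d["by_caller"][r["caller"]] += tokens
    return days

def flag_anomalies(days, baseline_days, factor=3.0, max_429_ratio=0.5):
    """Flag days whose tokens exceed factor x the baseline median, or whose
    429 share suggests a client hammering the key past its quota."""
    baseline = [days[d]["tokens"] for d in baseline_days if d in days]
    if not baseline:
        return []
    threshold = factor * median(baseline)
    flagged = []
    for day in sorted(days):
        d = days[day]
        calls = d["ok"] + d["rate_limited"]
        ratio = d["rate_limited"] / calls if calls else 0.0
        if d["tokens"] > threshold or ratio > max_429_ratio:
            top = max(d["by_caller"], key=d["by_caller"].get, default=None)
            flagged.append({"day": day, "tokens": d["tokens"],
                            "rate_limited_share": round(ratio, 2), "top_caller": top})
    return flagged
```

The baseline is the median of known-good days, so a single quiet day does not drag the threshold down; the 429 share is tracked separately because, as the next post shows, a flood of rejected calls is itself a signal even when it is not billed.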
Yes, I’m looking at a bill of $6,909 for calls to GenerativeLanguage.GenerateContent over about a month, none of which I made. I had quickly created an API key during a live Google training session. I never shared it with anyone and it’s not pushed to any public (or private) repo or website. Whoever got a hold of it made over a billion requests, 99% of which returned 429 errors. 429s are not supposed to be billed, so the $6k+ is a result of the 1% of calls which succeeded.

I opened a support case and they said:
Generally, any usage on an account that was not caused by a direct error on Google’s side is technically considered “valid usage” even if the activity was unintended by you. A specialized team has raised a consultation with the Product Team. They are currently conducting a deeper investigation to clarify the specific usage details and ensure our findings are completely accurate. I have explicitly requested them to check if we can retrieve request headers or originating IP addresses that could help you identify how the key was being utilized… Our specialized team investigation concluded that no leaked API keys were detected in your project…
The key was not found in public repositories (a standard “leak” check), but they did not provide specific details on the methodology used to reach that conclusion. I understand that this lack of detail is frustrating and leaves your questions about the validity of the traffic unanswered.
I made the mistake during a live training session of not properly restricting the API key, and didn’t catch the high usage in the cloud console until it added up to thousands. Even after I disabled the API another $2k+ registered. It was just for a quick test and I never used it again personally.