> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aethercitadel.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# Week of May 15, 2026

> Multi-tenancy, self-serve billing, and production hardening

## New features

**Multi-tenant API keys**
Aether Citadel now supports multiple tenants out of the box. Each tenant gets a unique `ack_live_*` API key, and usage is tracked per-tenant. See [Authentication](/authentication).

**Self-serve sign-up via Lemon Squeezy**
You can now purchase a Citadel Starter or Pro plan directly from [aethercitadel.lemonsqueezy.com](https://akashalabs.cloud/#pricing). Your API key is delivered to your inbox within seconds of checkout — no manual provisioning required.

**Tenant usage endpoint**
A new `GET /v1/tenant/usage` endpoint returns your current month's request count, plan tier, and remaining quota. See the [Usage API reference](/api-reference/usage).

**Rotate your API key**
Compromised key? Rotate it instantly with `POST /v1/tenant/rotate-key`. The old key is invalidated immediately. See the [Rotate Key API reference](/api-reference/rotate-key).

## Updates

**Per-tenant rate limiting**
All `/v1/*` endpoints are now protected by a 100 req/min token bucket. Exceeding the limit returns a clean `429 Too Many Requests` so you can back off gracefully.

**Request correlation IDs**
Every response now includes an `X-Request-Id` header. Include it when reaching out to support and we can trace your call end-to-end.

**Configurable CORS**
Browser-based apps can now call the Citadel API directly. Allowed origins are configurable per deployment.

**Graceful shutdown and faster timeouts**
The API drains in-flight requests on deploy, so you won't see dropped connections during rolling updates. Connect timeouts are now 5s and request timeouts 30s, preventing hung calls.

**SDK retries with backoff**
The Dart bridge SDK now retries transient 5xx and network failures up to 3 times with exponential backoff and jitter. 4xx errors still fail immediately.

**Stricter input validation**
Intent generation now rejects malformed user tokens (empty, too short, too long, non-ASCII, or containing control characters) with a clear `400` before the request hits downstream systems.

**Production endpoint live**
The API is now serving from `https://api.aethercitadel.cloud` with HTTPS, security headers, and a public health check at [`/health`](https://api.aethercitadel.cloud/health).

## Bug fixes

* **Timing-attack hardening**: API key comparison is now constant-time, eliminating a side-channel that could be used to guess keys byte-by-byte.
* **AI connector validation**: Hardened the AI response path to reject malformed or unexpected output before it reaches your application.
