chore: backend release 1.13.0

changelog/backend.mdx

@@ -1,13 +1,64 @@
 ---
 title: "Backend"
-sidebarTitle: "Backend [1.12.1]"
+sidebarTitle: "Backend [1.13.0]"
 rss: true
 ---
 
 <Card title="Schedule Call" href="https://portkey.sh/demo-21" icon="calendar" horizontal>
 Discuss how Portkey's AI Gateway can enhance your organization's AI infrastructure
 </Card>
 
+<Update label="1.13.0" description="2026-04-01">
+
+## v1.13.0
+---
+
+### API Key Rotation
+- Added **API key rotation** with support for automatic and manual rotation
+- Configure rotation policies when creating or updating API keys with `rotation_policy` parameter:
+  - `rotation_period`: `weekly` or `monthly` auto-rotation schedule
+  - `next_rotation_at`: ISO 8601 date for the next scheduled rotation
+  - `key_transition_period_ms`: Grace period (minimum 30 minutes) during which both old and new keys are valid
+- New **`POST /api-keys/:apiKeyId/rotate`** endpoint for manual key rotation — works with or without an auto-rotation policy
+- Auto-rotation processor with email alerts for upcoming rotations, completed rotations, and expiry warnings
+
+### Organization Session Management
+- Added **session management** settings at the organization level
+- Configure `session_settings` in organization auth settings with `max_session_ttl` (minimum 900 seconds / 15 minutes)
+- When set, user sessions exceeding the TTL are automatically rejected, requiring re-authentication
+
+### New Guardrail: Required Metadata Key-Value Pairs
+- Added **Required Metadata Key-Value Pairs** guardrail (`default.requiredMetadataKeyPairs`) to validate that requests contain specified metadata key-value pairs
+- Configurable parameters:
+  - `metadataPairs`: Object defining required key-value pairs
+  - `operator`: `all` (all pairs must match), `any` (at least one pair must match), or `none` (no pairs should match)
+- Runs on the `beforeRequestHook`
+
+### Rate Limits Enhancements
+- Added **`rpw`** (requests per week) as a new rate limit unit alongside existing `rpm`, `rph`, and `rpd`
+- Added **`endpoint_type`** as a new condition key for rate limit policies, allowing rate limits to target specific endpoint types (e.g., `chatComplete`, `embed`, `imageGenerate`)
+- [Documentation](/product/enterprise-offering/budget-policies)
+
+### Agent Gateway
+- Added **Agent Gateway** with full CRUD APIs for managing agent integrations and agent servers
+- Includes agent skills management, workspace-level access control, and user access management
+- RBAC support for agent resources
+
+### Self-Hosting Improvements
+- Added **ClickHouse replication and sharding** support for high-availability analytics deployments
+- Added support for **decoupled JWT authentication** in private deployments, allowing the data plane to validate tokens independently from the control plane
+<Note> 
+Requires Gateway v2.5.0 or higher
+</Note>
+
+### Fixes and Improvements
+- Fixed provisioning for empty groups
+- Added `last_reset_at` field to API key, workspace, integration, and virtual key responses
+- Model configuration and pricing updates
+- Security dependency updates
+
+</Update>
+
 <Update label="1.12.1" description="2026-03-16">
 
 ## v1.12.1

product/enterprise-offering/budget-policies.mdx

@@ -44,6 +44,7 @@ Conditions determine **which requests** a policy applies to. All conditions must
 | `config` | Match by config slug | `"config slug"` | 2.0.0+ |
 | `prompt` | Match by prompt slug | `"prompt slug"` | 2.0.0+ |
 | `model` | Match by model (with wildcard support) | `"@openai/gpt-4o"`, `"@anthropic/*"` | 2.0.0+ |
+| `endpoint_type` | Match by endpoint type (rate limit policies only) | `"chatComplete"`, `"embed"`, `"imageGenerate"` | 1.13.0+ |
 
 ### Group By
 
@@ -170,7 +171,7 @@ Configures automatic reset of the usage limit at regular intervals.
 
 ## Rate Limits Policies
 
-Rate limits policies allow you to control the rate of requests or tokens consumed per minute, hour, or day. When the rate limit is exceeded, requests will be throttled.
+Rate limits policies allow you to control the rate of requests or tokens consumed per minute, hour, day, or week. When the rate limit is exceeded, requests will be throttled.
 
 <Note>
 When a rate limit is exceeded, Portkey returns a **429 Too Many Requests** HTTP status code.
@@ -186,6 +187,7 @@ When a rate limit is exceeded, Portkey returns a **429 Too Many Requests** HTTP
 - **`rpm`**: Requests/Tokens per minute
 - **`rph`**: Requests/Tokens per hour
 - **`rpd`**: Requests/Tokens per day
+- **`rpw`**: Requests/Tokens per week
 
 ### Parameters
 
@@ -222,6 +224,7 @@ The time interval unit for the rate limit.
   - `"rpm"` - Requests/Tokens per minute
   - `"rph"` - Requests/Tokens per hour
   - `"rpd"` - Requests/Tokens per day
+  - `"rpw"` - Requests/Tokens per week
 - **Behaviour**: 
   - Defines the time window over which the rate limit is calculated
   - Limits reset automatically at the start of each time period
@@ -241,7 +244,7 @@ The maximum number of requests or tokens allowed within the specified time unit.
 
 1. **Conditions**: Each condition must have `key` and `value` fields.
 2. **Group By**: Each group must have a `key` field.
-3. **Valid Keys**: For both `conditions` and `group_by`, valid keys include `api_key`, `virtual_key`, `provider`, `config`, `prompt`, `model`, or any key starting with `metadata.`
+3. **Valid Keys**: For both `conditions` and `group_by`, valid keys include `api_key`, `virtual_key`, `provider`, `config`, `prompt`, `model`, `endpoint_type`, or any key starting with `metadata.`
 4. **Value**: Must be a numeric value.
 5. **Workspace**: Workspace ID is required (can be provided via API key or request body).