Billing
How billing works at Pangea
Pangea uses a credit based model where your organization carries a U.S. dollar-based balance and usage of Pangea services is deducted from that balance in real-time as services are consumed. This “pay-as-you-go” model means you only pay for the individual services you need, for as long as you use them, and without requiring long-term contracts or complex licensing.
Services are priced differently based on the resources they use. The majority of services are priced by API call, while some services may have a compute or storage component. In the latter case (i.e. storage), these charges may be applied on a monthly basis. The amount deducted from your organization's balance is based on the pricing metrics as defined on the Pricing page (coming soon).
Pangea provides you with a $5 monthly complimentary balance to help you get going fast. This may not seem like much but due to Pangea's pricing model it gets you pretty far.
Billing Page
All billing is configured in the Organization Settings > Billing page. The Billing page includes the following components:
- A Balance section where you can view your balance, and add funds and one-time payments
- An Auto-charge section where you can configure auto-charge payments
- A Payment methods section where you can add various credit cards (and removed)
- A Deposit history table where you can review deposits on a monthly basis
Your balance at a glance
Your organization's balance is displayed in the top-right corner of the header in your Pangea Console instance. Click the balance to go to the Billing page.
If your organization has a negative balance, that is also displayed in the top-right corner of the header. In addition, Pangea will show a notification to alert you about the negative balance.
Making Deposits
All balances and payment methods are managed at the organization level and shared across all projects. Any project inside of an organization can draw from the organization balance. Check out the different types of deposits:
Pangea Complimentary Deposits
To help you get started, Pangea provides all organizations a $5 complimentary balance. In addition, Pangea will restore the $5 complimentary balance at the beginning of each month. However, complimentary deposits cannot accumulate month over month. This means if you use $2 of the complimentary balance in month 1, your beginning balance in month 2 will be restored to $5 via a $3 complimentary deposit. The complimentary balance restoration will not occur if your organization’s balance is negative.
For information about when the $5 complimentary deposit occurs, visit the Billing Cycle and Monthly Charges section.
Auto-charge
Pangea recommends that you set up Auto-charge for your production environments.
To avoid a negative balance, and potentially a service disruption, it is best to use the auto-charge feature. Pangea recommends that you set up Auto-charge for your production environments. Auto-charge allows you to automatically trigger a deposit from your credit card based on the organization balance reaching a user-defined level. The auto-charge amount is configurable and can be disabled at any time.
Manage Auto-charge
To set up auto-charge:
- Click Manage in the Auto-charge section of the Billing page
- Enter your credit card information into the Auto-charge dialog. When enabled, Auto-charge will charge the U.S. dollar amount specified in the Amount field, and will execute the auto-charge when the organization balance goes below the dollar amount specified in the When below field.
- Once set up, the Auto-charge screen will look something like the image below. The Auto-charge section displays your auto-charge configuration and the payment method you chose to configure auto-charge includes an “Auto-charge” label.
Determine an Auto-charge amount
Pangea recommends a When Below amount equal to or greater than your average daily usage and an auto-charge amount equal to 30 days of usage (i.e. one month).
An easy way to determine auto-charge amounts and When Below thresholds is to review your usage on the Usage Page. You’ll be able to see your average daily usage and usage trends, month over month. Pangea recommends a When Below amount equal to or greater than your average daily usage and an auto-charge amount equal to 30 days of usage (i.e. one month). This will ensure you always have enough balance to cover your usage while limiting credit card transactions to approximately 1 per month. Additionally, should something go wrong with your payment method, you’ll have a day’s worth of balance to cover you while you get it corrected.
For example, if average daily usage = $15, then:
- Amount 30 x $15 = $450
- When below = $15
See the image below for reference:
One-Time Payments
To add funds to your balance and make a one-time payment:
- Click + Funds in the Balance section of the Billing page
- Enter the funding amount and select a credit card to fund from
- Click Save. Your balance will be updated immediately.
Add a payment method
To add a payment method:
- Click + Payment Method on the Billing page
- Enter your credit card details into the Payment information dialog
- Once the credit card has been added, it will appear in the Payment method section of the Billing page
Delete a payment method
To delete a payment method:
- Select the payment method you want to delete and click the remove icon
Billing Cycle and Monthly Charges
The billing cycle for all Pangea users, independent of your timezone, will be as follows:
- Start of billing cycle = 12:00:00AM Pacific Time Zone on the first day of every month
- End of billing cycle = 11:59:59PM Pacific Time Zone on the last day of every month
The timing of the billing cycle is relevant for:
- allocation and charges associated with services utilized on a monthly basis (e.g. storage)
- calculating the negative balance allowance
- replenishment of complimentary credits
Negative Balances
If your applications are using Pangea services and consume the entire available balance, Pangea will allow a negative balance without a financial penalty. The overage is based on 10% of the current or prior month’s API spend, whichever is greater. For example, if last month your organization consumed $100 in service utilization, and the $100 was funded through your organization’s credit card, Pangea will permit service utilization up to a balance of -$10 (negative $10). Once the maximum negative allowance has been reached, the Pangea service availability will be suspended.
If your organization's balance is negative:
- Pangea will send you warnings and notifications in the Pangea Console
- Pangea will send frequent emails to your organization's admin
- Pangea wil persist with this messaging from the time the balance becomes negative and while the negative balance is carried
While any organization is in a negative balance, Pangea will not provide the $5 complimentary credit deposit. Once an organization's balance is restored to positive, the $5 complimentary deposit will resume on the next billing cycle.
To avoid negative balances, Pangea recommends setting up Auto-charge
Usage Page
You can review usage by navigating to the Organization Settings > Usage page.
From here, you can view the API and service utilization of funds during a particular billing cycle. You can view utilization for all projects, or just a particular project, and get a breakdown of utilization for each day of the billing cycle as well as for each service.
Service Pricing
Secure Audit Log
Secure Audit Log has three pricing dimensions:
- Secure audit events written
- Audit history searches
- Overall data retention
We will break down how each of these work individually.
Write secure audit events
Each event written to the secure audit log creates a billing event.
Search audit history
Every search query creates a billing event based on the amount of data searched. The billing system calculates this as follows:
- For each search, it determines the size of the data searched, limited by the timeframe of your query.
- That number is rounded up to the nearest GiB.
- That number is multiplied by price and the total is debited from your balance.
For example: If the Secure Audit Log is storing 100GiB of data but the timeframe of your query only includes 1.8GiB of data, the billing event will count 2GiB of data (1.8GiB rounded up).
The amount of data searched is calculated on a per-search basis.Therefore each search transaction generates its own debit event against your org’s balance based on the method above.
Data retention
At 12:00:00AM Pacific on the first day of the month, Pangea creates a billing event for the total amount of storage allocated in Secure Audit Log rounded up to the nearest GiB. When the amount of allocated storage increases past the next whole GiB, such as going from 1.99GiB to 2.01GiB, the account is billed a one-time charge for the prorated amount of the extra GiB based on the number of days left in the month.
For example: If the Secure Audit Log crosses from 1 to 2 GiB on the 15th of a 30 day month, the system creates a billing event for 16/30ths of a charge (current day plus 15 days remaining).
Redact
Redact has two pricing dimensions:
- Requests
- Data scanned (per KiB)
Each Redact API request creates a billing event. The cost of the billing event is dependent on the amount of data rounded up to the nearest KiB, with a minimum of 1KiB.
Embargo
Embargo only has one pricing dimension:
- Requests
Each Embargo API request creates a billing event. There are no other variables in determining the cost of the request.
File Intel
File Intel has two pricing dimensions:
- Requests
- Providers
Each File Intel API request creates a billing event. The cost of that billing event is dependent on the provider chosen.
Domain Intel
Domain Intel has two pricing dimensions:
- Requests
- Providers
Each Domain Intel API request creates a billing event. The cost of that billing event is dependent on the provider chosen.
IP Intel
IP Intel has two pricing dimensions:
- Requests
- Providers
Each IP Intel API request creates a billing event. The cost of that billing event is dependent on the provider chosen. Note that each provider delivers different capabilities and are therefore not equivalent. Within IP Intel, there are multiple endpoints that each represent their own subservice:
- Reputation (provided by Crowdstrike and Cymru)
- Geolocation (provided by Digital Element)
- VPN (provided by Digital Element)
- Proxy (provided by Digital Element)
- Domain (provided by Digital Element)
URL Intel
URL Intel has two pricing dimensions:
- Requests
- Providers
Each URL Intel API request creates a billing event. The cost of that billing event is dependent on the provider chosen.
User Intel
User Intel has two pricing dimensions:
- Requests
- Providers
Each User Intel API request creates a billing event. The cost of that billing event is dependent on the provider chosen.
Vault
The Vault service has two pricing dimensions:
- Secret/Key operations
- Secret/Key storage
We will break down how each of these work individually.
Secret/Key operations
An operation is defined as follows, with the endpoints listed:
- Rotation (automated or manual)
- /secret/rotate
- /key/rotate
- Signing or Verifying Signatures
- /key/verify
- /key/sign
- /key/sign/jwt
- /key/verify/jwt
- Encrypt or Decrypt operations
- /key/encrypt
- /key/decrypt
Each operation - either performed through the Pangea console or through the API - creates a billing event.
Secret/Key Retention
To accommodate use cases where keys are short-lived, Pangea tracks the presence of secrets and keys on an hourly basis. The definition of hour means whether the key or secret was present during any second within a clock hour (e.g. 10:00:00 - 10:59:59).
Billing events are created in the Vault service twice per hour. At each of those times, the system looks for the following:
- The number of secrets/keys created during that period
- The number of secrets/keys that exist at the start of a new hour and a billing event is created for that total
For example: A secret or key created at 10:55:30 and deleted at 11:15:30 creates one billing event for the 10:00:00 hour and another for the 11:00:00 hour for a total of two events.
AuthN
AuthN has three pricing dimensions:
- Monthly Active Users
- The threat intel services you enable and
- The User Flows you enable them within
We will break down how each of these work individually.
Monthly Active Users (MAUs)
A Monthly Active User is a user who authenticates at least once in a calendar month. If the user exits before completing all MFA steps, they are not a MAU. If a user logs in regularly during the month, they are still one MAU.
Threat Intel Services
Within AuthN, you can optionally enable threat intel services (Embargo, Domain Intel, and IP Intel) in the User Registration and Authentication flows. Each of those services generate their own billing events according to their normal practices.
User Flows
There are two User Flows within AuthN: User Registration and User Authentication.
In both flows, the threat intel services run sequentially. If a request is blocked, the attempt will be rejected, the request will exit early, and no further services will run. If the request passes the check, it will continue to the next service, and once all checks pass, the request will complete successfully. Therefore, a successful flow will generate a billing event for each service but a rejection will only be billed for the completed checks up until the rejection.
Every user will complete the User Registration flow once and the User Authentication flow at each authentication.