SimpleGoose

Inference API Bill Verifier

Verify the inference-API bill your provider sends you

When you buy LLM/AI API capacity through a Bedrock reseller, you can't see what actually ran — but you still get the bill. The Inference API Bill Verifier reconciles every request against AWS-metered evidence the provider can't forge, and signs the result.

Anchored in AWS-metered evidenceMetadata-only — never your promptsRead-only — you stay in controlVerification, not an audit opinion

The problem

You can't verify what you can't see

Your reseller self-reports which model served your request and how many tokens you were billed. Silent model downgrades and token inflation are documented in the wild — and regulators increasingly require independent evidence of the providers in your chain. Taking the invoice on faith is no longer good enough.

How it works

Onboard in an afternoon. No rerouting.

01

Your provider grants a read-only role

A least-privilege, external-ID cross-account IAM role — billing, Bedrock invocation logs, and CloudTrail. No traffic rerouting, no latency, no code change. It takes an afternoon.

02

Every request is bound to AWS-metered truth

Each call carries a signed correlation id that lands in the Bedrock invocation log. We match your own API receipts to the metered invocation — the model and token counts the provider can't fake to AWS.

03

You receive a signed verification report

We reconcile both sides, flag any discrepancy, and issue a signed report addressed to you — with a public page to confirm its authenticity. Hand it to your auditor.

What it verifies

Strong where it counts. Honest where it can't.

Token & cost accounting

Verified to near-cryptographic assurance against the AWS bill.

Model billed vs. model metered

Every request's billed model id checked against what AWS actually ran.

Per-customer attribution

Bound by your own receipts — not the provider's self-reported tags.

Model identity

Continuous statistical monitoring for downgrades — a tripwire, not a cryptographic certification (none exists on Bedrock today). We say so plainly.

The report

What lands in your inbox

SGBV-VERIFICATION-REPORT✓ VERIFIED

Requests reconciled

32 / 32

Model mismatches

0

Token mismatches

0

Anomalies flagged

1 — classified benign

Tamper attempt

blocked

Prompt content accessed

none

Signed · metadata-only · verification/reconciliation report — not an audit opinion. (Illustrative figures.)

Pricing

Priced for independence, not your token volume

Reseller-paid, buyer-addressable. The report goes to you; the provider can't alter it.

Reconcile

Contact for pricing

Independent monthly reconciliation. Read-only role, no rerouting.

Start with Reconcile
  • Read-only cross-account role
  • Monthly signed reconciliation report
  • Per-model token & cost reconciliation
  • Metadata-only — never your prompts
  • Public report verification page

Certified

Contact for pricing

Per-request binding + tamper-evident evidence. The real assurance tier.

Get Certified
  • Everything in Reconcile
  • Per-request correlation-id binding
  • Tamper-evident (Object-Lock) evidence
  • Model-downgrade & token-inflation detection
  • Continuous model-identity monitoring
  • E&O-backed reports

Attested

Contact for pricing

Buyer-of-record independence for regulated chains.

Talk to us
  • Everything in Certified
  • You contract SimpleGoose directly
  • Buyer-addressed attestation letters
  • Org-wide scope + completeness checks
  • DORA / fourth-party evidence pack
  • Dedicated support

FAQ

Questions

Is this an audit?

No. It's an independent token & model verification — a reconciliation service. The deliverable is a signed verification/reconciliation report, never a statutory audit opinion or SOC report.

Do you see our prompts?

No. Invocation logging is configured metadata-only. We access token counts, model ids, and timestamps — never prompt or response content.

Does it slow down our API?

No. Verification is read-only and out-of-band — there's no change to your request path. An optional in-path tier exists for buyers who require airtight, per-request proof.

Can you really tell if a model was downgraded?

We verify the billed model id against the model AWS metered for every request — so silent substitution at billing time is caught. True model-weight identity is monitored statistically as a tripwire; we don't claim to cryptographically certify it, because no one can on Bedrock today.

Which providers do you support?

Bedrock-based API resellers today. The same approach extends to other metered backends over time.

Ask your provider to get verified

Already buying through a Bedrock reseller? We'll run a free retrospective reconciliation on a recent invoice.