Connect an AI Provider

Provider ownership

SophMate uses provider credentials configured inside WordPress. Decide whether the site owner, agency, or operations lead owns those credentials before entering a key. Provider keys should never appear in prompts, screenshots, support messages, changelog entries, or customer-facing docs.

Connection test

Open SophMate settings, choose the provider, save the credential, and run the connection test. If the test fails, compare the error with the diagnostics and support docs before changing plugin settings repeatedly. The provider setup tutorial covers the first successful request and the checks that prove the site can reach the provider.

Budget controls

Before broad rollout, set usage caps and decide who can change them. The AI budget tutorial is the operational companion for teams that need provider usage controls across administrators, marketers, and support users.

Owner and cadence

• Primary owner: site administrator with provider, billing, and security responsibility.
• Review cadence: after provider, mailbox, role, budget, security, WooCommerce, or integration changes.
• Escalate when a setting grants high-risk access, changes provider spend, weakens privacy posture, or redirects alerts away from monitored owners.

Production checklist

• Use a provider key created for this site or client account, then store ownership and billing responsibility in launch notes.
• Test provider connectivity before changing budgets, roles, workflows, or agents.
• Document who owns provider credentials, budget limits, role access, notification routing, and ongoing review.
• Keep configuration changes behind administrator access and review them after plugin updates, staff changes, or incidents.

Acceptance checks

• A successful provider test is visible before users ask production questions.
• Credential ownership, rotation, and billing escalation are documented.
• A second administrator can explain why each high-risk setting is enabled and who may change it.
• No production credential, support mailbox, or notification path depends on an unmanaged personal account.

Common mistakes

• Rotating keys repeatedly without checking billing, model access, PHP extensions, outbound HTTPS, and provider account state.
• Using personal provider keys, personal mailboxes, or broad administrator access because it is faster during setup.
• Changing budgets, roles, notifications, or integrations without recording the owner and review reason.

Related operations

• Troubleshoot failures with Troubleshoot Provider Connections.
• Control spend with Budget and Usage Controls.
• Pair configuration work with Roles and Permissions.
• Review Approval Controls before enabling write-capable modules.
• Use Cost Allocation and Client Billing Review before client or team billing reviews.
• Use Security and Key Rotation before changing provider credentials.
• Use Cache Queue and Performance before scaling automation or alerts.
• Use Scheduled Task and Cron Reliability before relying on recurring work.
• Use Provider Models and Fallbacks before changing production model behavior.
• Use Data Residency and Provider Policy Review before sending sensitive context.
• Use Provider Rate Limits and Retry Planning before high-volume automation.
• Use Source Freshness Review Calendar before teams depend on policy sources.
• Use Email Deliverability and Domain Authentication before operational mail matters.