I’m considering upgrading to pro or creating a pro account for one of my clients. I know that pay-as-you-go billing can often cause surprising and large bills if left unsupervised! My client (and myself) certainly don’t want that to happen.
I have read about Spend Management on Vercel and I know enabling the firewall is a good precaution as well to prevent things like DDoS attacks.
However, I still have some questions. I’d love to hear from the community and team members about this! What are some common pitfalls and what resources should I check out?
Specific questions:
If I enable the firewall and it mitigates a DDoS attack, do the blocked requests still count toward my edge requests per month?
What happens if I don’t pause a project when it goes over its spending limit?
What’s the best way to let a client and a developer share an account or be on a team? Do they both need Pro accounts to be part of a team?
There is an additional mode called “Attack Challenge Mode” that you can enable if you’re actively being targeted in a DDoS which provides a more strict level of protection. It can sometimes catch users on weird browsers or behind VPNs though and force them through a verification step before proceeding to your site, so we recommend only enabling that in emergencies. There is also no charge for this feature.
If you configure spend management but disable the feature to pause your project automatically (which is on by default) then you’ll just get notifications at the spending threshold. Meanwhile, your project will switch into on-demand usage.
Large bills are significantly less of a risk now than they were before since Fluid and Active CPU Billing, and you can always keep an eye on the usage both in the Usage tab in your dashboard and in your homepage. Anything approaching a limit appears at the top of this card and you can click each item to navigate to it and see which project/routes are causing the usage. If auto-pausing is on, large bills are impossible.
Most of the time when customers go over it’s because of unoptimized images or some functions that can be cached, so if you’re paying attention early (or watch the first spend management notification) you can catch issues before they become serious problems.
Each user is required to have their own account, which means yes, the client and the developer should each have a seat. This policy is currently undergoing some changes but there’s nothing public I can share for at least the next few days.
Thank you so much for the information! I have one more question. If my client does not have a Vercel account, they must create one to access vercel.com/domains. If they create a free account while signing up, what happens when they purchase a domain? Do they continue to be on the free plan, or does it upgrade their account? Do they need Pro to purchase a domain on Vercel?
No, blocked requests do NOT count toward your edge requests. Vercel provides automatic DDoS mitigation for all deployments and does not charge for traffic blocked by DDoS protection. However, you will still be charged for:
Requests that are successfully served before automatic mitigation kicks in
Requests not recognized as DDoS events (like regular bot and crawler traffic)
Spending Limits Without Pausing
You’ll continue to be charged for overages. If you don’t pause a project when it exceeds the spending limit, usage continues and you’ll be billed for the additional metered resources. Vercel will still send notifications at 50%, 75%, and 100% of your spend limit via web, email, and potentially SMS, but the project won’t automatically stop.
Team Sharing Between Client and Developer
Both users need Pro accounts to be on the same team. The Pro plan costs $20 per month per team seat, and each user added to your Vercel team is billed separately. The Pro plan includes:
Team-level Role-based access control (RBAC)
Roles like Owner, Member, and Billing with different permissions
Enhanced collaboration tools
Important note: Each Vercel account can only be linked to one personal GitHub account. If you need to deploy private repositories from different Git accounts, each person would need to sign up for Vercel using their specific Git account and then join the Pro team.
The most cost-effective approach might be having the developer as the Pro team owner and adding the client as a Member with appropriate permissions for their needs.