Skip to main content
The Cloud hosting option is a fully managed model where LangChain hosts and operates all LangSmith infrastructure and services:
If you’re ready to deploy your app to LangSmith Cloud (AWS or GCP), follow the Cloud deployment quickstart or the full setup guide. This page explains the Cloud managed architecture for reference.
Cloud deployment: LangChain hosts and manages all components including the UI, APIs, and your Agent Servers.

Cloud architecture and scalability

This section is only relevant for cloud-managed LangSmith at https://smith.langchain.com, https://eu.smith.langchain.com, https://apac.smith.langchain.com, and https://aws.smith.langchain.com.For information on the Self-hosted LangSmith solution, refer to the Self-hosted documentation.
LangSmith is hosted on Google Cloud Platform (GCP) for the US, EU, and APAC SaaS regions and on Amazon Web Services (AWS) for the AWS-hosted US SaaS region. The platform is designed to be highly scalable. Many customers run production workloads on LangSmith for LLM application observability, evaluation, and agent deployment. The US-based LangSmith service (default GCP region) is hosted in the us-central1 (Iowa) region of GCP.
The EU-based LangSmith service is available and hosted in the europe-west4 (Netherlands) region of GCP. If you are interested in an Enterprise plan in this region, contact our sales team.
As of April 2026, LangSmith SaaS is available on AWS in us-east-2 (Ohio).
As of May 2026, LangSmith SaaS is available in APAC on GCP in australia-southeast1 (Sydney).

Regional storage

The resources and services in this table are stored in the location corresponding to the URL where sign-up occurred (GCP US, GCP EU, GCP APAC, or AWS US). Cloud-managed LangSmith uses Supabase for authentication/authorization and ClickHouse Cloud for the data warehouse. See the Regions FAQ for more information.

Region-independent storage

Data listed here is stored exclusively in the US:
  • Payment and billing information with Stripe and Metronome

GCP services

The following applies to the US, EU, and APAC SaaS regions on GCP. LangSmith is composed of the following services, all hosted on Google Kubernetes Engine (GKE):
  • LangSmith Frontend: serves the LangSmith UI.
  • LangSmith Backend: serves the LangSmith API.
  • LangSmith Platform Backend: handles authentication and other high-volume tasks. (Internal service)
  • LangSmith Playground: handles forwarding requests to various LLM providers for the Playground feature.
  • LangSmith Queue: handles processing of asynchronous tasks. (Internal service)
LangSmith uses the following GCP storage services:
  • Google Cloud Storage (GCS) for runs inputs and outputs.
  • Google Cloud SQL PostgreSQL for transactional workloads.
  • Google Cloud Memorystore for Redis for queuing and caching.
  • Clickhouse Cloud on GCP for trace ingestion and analytics. Our services connect to Clickhouse Cloud, which is hosted in the same GCP region, via a private endpoint.
Some additional GCP services we use include:
  • Google Cloud Load Balancer for routing traffic to the LangSmith services.
  • Google Cloud CDN for caching static assets.
  • Google Cloud Armor for security and rate limits. For more information on rate limits we enforce, please refer to Rate limits.

AWS services

The following applies to the AWS US SaaS region in us-east-2 (Ohio). The same logical LangSmith components run on Amazon EKS instead of GKE. LangSmith is composed of the following services, all hosted on Amazon EKS:
  • LangSmith Frontend: serves the LangSmith UI.
  • LangSmith Backend: serves the LangSmith API.
  • LangSmith Platform Backend: handles authentication and other high-volume tasks. (Internal service)
  • LangSmith Playground: handles forwarding requests to various LLM providers for the Playground feature.
  • LangSmith Queue: handles processing of asynchronous tasks. (Internal service)
LangSmith uses the following AWS storage and data services:
  • Amazon S3 for runs inputs and outputs.
  • Amazon RDS for PostgreSQL for transactional workloads.
  • Amazon ElastiCache for Redis for queuing and caching.
  • ClickHouse Cloud over AWS PrivateLink in us-east-2 for trace ingestion and analytics, consistent with the regional storage table above.
Some additional AWS services we use include:
  • Elastic Load Balancing (Network Load Balancers) and Istio ingress for routing traffic to the LangSmith services. Documented API rate limits are enforced at the Istio ingress gateway. For details, see Rate limits.
  • Amazon CloudFront for caching static assets (including the web UI hostname aws.smith.langchain.com).
  • AWS WAF on CloudFront for managed rule groups at the edge (for example, AWS Managed Rules common protections and Bot Control).
Light mode overview

Allowlisting IP addresses

Egress from LangChain SaaS

All traffic leaving LangSmith services will be routed through a NAT gateway. All traffic will appear to originate from the following IP addresses: It may be helpful to allowlist these IP addresses if connecting to your own AzureOpenAI service or other endpoints that may be required by the Playground or Online Evaluation.
Traffic from agents deployed on LangSmith Deployment egresses through a separate set of NAT IPs. For that list, refer to Allowlist IP addresses in the Cloud deployment guide.

Ingress into LangChain SaaS

The LangChain endpoints map to the following static IP addresses for traffic that terminates on our GCP load balancers (US/EU/APAC) or, for AWS US, on the Network Load Balancer in us-east-2 (API and gateway hostnames): You may need to allowlist these to enable traffic from your private network to LangSmith SaaS endpoints (api.smith.langchain.com, smith.langchain.com, beacon.langchain.com, eu.api.smith.langchain.com, eu.smith.langchain.com, eu.beacon.langchain.com, apac.api.smith.langchain.com, apac.smith.langchain.com, apac.beacon.langchain.com, aws.api.smith.langchain.com, aws.smith.langchain.com).

Private connectivity (Enterprise)

Enterprise only. Private connectivity is available exclusively for Enterprise customers. Contact your account representative or sales@langchain.dev to enable this feature.
Enterprise customers can connect to LangSmith without exposing traffic to the public internet using AWS PrivateLink or GCP Private Service Connect (PSC). Customers on AWS can connect to LangSmith via AWS PrivateLink, providing private connectivity from any VPC. Cross-region connectivity is supported natively.

Endpoint service name

Setup

1. Request access: Contact your account representative or sales@langchain.dev with your AWS account ID. LangChain will add your account to the endpoint service’s allowed principals list. 2. Create an Interface VPC Endpoint in your AWS account. Attach a security group that allows TCP 443 inbound from your VPC CIDR (or from the instances that need to reach LangSmith):
3. Wait for acceptance. LangChain will accept the connection. The endpoint status will change from pendingAcceptance to available. Allow a few minutes after acceptance for the change to fully propagate before testing connectivity.

Configure DNS

Configure DNS so that aws.api.smith.langchain.com resolves to your VPC endpoint’s private DNS name within your VPC. You can use any private DNS solution: Route 53 Private Hosted Zones, a corporate DNS resolver, or any DNS server reachable from your VPC. First, get your endpoint’s DNS name:
Then, create a CNAME record for aws.api.smith.langchain.com pointing to that DNS name. Here’s an example using Route 53:

Verify connectivity

From an EC2 instance or container in your VPC:

GCP Private Service Connect

Enterprise customers on GCP can connect to LangSmith via Private Service Connect (PSC), providing private connectivity without exposing traffic to the public internet.

Service attachment URIs

Use the following service attachment URIs to create a PSC endpoint in your VPC:

PSC domains

After setup, use the following domains to connect to LangSmith over your PSC connection:

Setup

Request access: Contact your account representative or sales@langchain.dev with your GCP project ID. LangChain will add your project to the service attachment’s allowed consumer list. After access is granted, create a PSC endpoint and configure DNS using either the gcloud CLI or Terraform.

Create a PSC endpoint

Create a forwarding rule in your VPC targeting the service attachment:

Configure DNS

Create a private DNS zone in your VPC and add an A record pointing to the PSC endpoint IP:

Verify connectivity

From a VM in your VPC:

API rate limits

LangSmith enforces rate limits on API endpoints to ensure service stability and fair usage. The following table shows the rate limits for different endpoints in the GCP US and GCP EU regions. GCP APAC and AWS US enforce comparable service-specific limits; contact support if you need exact limits for your organization. Note that:
  • Rate limits are expressed as count / interval where count is the number of requests allowed within the interval (in seconds). For example, 2000 / 10 means 2000 requests per 10 seconds.
  • When no HTTP method is specified in the endpoint column, the rate limit applies to all HTTP methods for that endpoint.
  • When a specific method is listed (e.g., POST, GET), the rate limit applies only to that method.

Rate limit categories

  • High throughput: General high-volume endpoints for core operations like authentication, metadata, and feedback.
  • Repository: Repository and prompt management operations.
  • Run ingest: Individual trace/run ingestion endpoints for observability.
  • Charts: Chart generation and visualization endpoints.
  • Multipart ingest: Bulk run ingestion via multipart upload for high-volume tracing.
  • Run query (API): API key-based run query operations with stricter limits for complex queries.
  • Run query (User): User-based run query operations with higher limits for interactive use.
  • Generation: AI-powered code and content generation endpoints (limited to prevent abuse).
  • Commits: Prompt versioning and commit operations.
  • Deletion: Session deletion and workflow trigger operations.
  • Run lookup: Retrieving specific runs by UUID.
  • Examples: Fetching dataset examples for few-shot prompting.
  • Default (API key): Fallback rate limit for authenticated API requests not matching specific patterns.
  • Default (User): Fallback rate limit for authenticated user requests not matching specific patterns.
  • Public download: High-volume public download endpoints for shared resources.
  • Stats: Run statistics and analytics endpoints (region-specific limits apply).
  • Public (catch-all): Default rate limit for unauthenticated public access.
For more information on rate limits and other service limits, refer to the Administration overview.