,

Vertex AI vs the Gemini API in AI Studio, and When to Switch (Google Cloud Gen AI Series, Part 5)

Google AI Studio and Vertex AI are two doors to the same Gemini models. Here is what actually changes between them on auth, data governance, quotas and price, and exactly when to move from one to the other.

Google Cloud Gen AI Series · Part 5 of 30

Your prototype ran all weekend on an API key from Google AI Studio. You flip the client over to Vertex AI, change nothing else, run it, and the first call comes back 403. Same model, same prompt, same SDK. The key is the problem. Vertex AI does not accept an AI Studio key, because it wants a Google Cloud identity, not a string you pasted from a web page.

That single 403 is the whole story of this part. Google gives you two front doors to the exact same Gemini models, and the model is the least interesting difference between them. What changes is who you authenticate as, where your prompt is processed, whose quota you spend, and who signs the contract. Get the door right and migration is a one line change. Get it wrong and you rebuild auth the week before launch.

Decision in one line

Prototype on the Gemini Developer API through Google AI Studio, because a single key gets you calling in a minute. Ship on Vertex AI, because production needs IAM, data residency, VPC controls, org quota, and an SLA that a raw key does not carry.

The model catalog and the per token price are close to identical across both doors, so never choose between them on price. Choose on identity, data path, and governance.

Who this is for: you have called Gemini at least once, from either door, after reading Part 3 on the Flash and Pro tiers. You know what an API key is and roughly what a Google Cloud project is. You do not need to have set up IAM or a service account yet. Every product name is defined on first use.

Two front doors to the same models

Start with the names, because Google uses three of them and they overlap. Google AI Studio is a browser tool at aistudio.google.com where you type a prompt, pick a Gemini model, and get an API key with two clicks. The Gemini Developer API is the endpoint that key calls, served at generativelanguage.googleapis.com. Think of AI Studio as the front desk and the Developer API as the phone line behind it. They are the same door.

The second door is Vertex AI, Google Cloud's managed platform for building and serving models, which we have used since Part 2. Vertex serves the same Gemini models through its own endpoint at aiplatform.googleapis.com, but the request lands inside a Google Cloud project with its billing account, its IAM policy, its quota, its audit logs, and its network controls wrapped around every call. The model on the far end is the same Gemini. The machinery around the call is not.

Google now labels the Vertex generative offering the Gemini Enterprise Agent Platform in some of its docs, but the endpoint, the SDK path, and the product most people say out loud are still Vertex AI, so that is what I use here. The picture below is the whole mental model. Two doors, one set of models.

Two doors, one set of modelsthe model is the same, the machinery around the call is notAI Studio + Developer APIauth: one API keygenerativelanguage.googleapis.comfree tier, one minute to first callfor prototypes and small appsVertex AIauth: IAM and ADCaiplatform.googleapis.comproject, quota, VPC-SC, auditfor production and enterpriseSame Gemini modelsGemini 3 and 2.5, Flash and Pro
Both doors reach the same models. The choice is about auth, data path, and governance, not capability.

What actually changes when you switch doors

People expect the models to differ between the two doors. They mostly do not. What differs is everything wrapped around the call. Here is the side by side I keep in my head, row by row, for the questions that actually decide a project.

QuestionGemini Developer API (AI Studio)Vertex AI
How you authenticatea single API keyIAM identity via ADC or a service account
Endpointgenerativelanguage.googleapis.comaiplatform.googleapis.com
Where it livesa lightweight API projecta full Google Cloud project
Free tieryes, rate limitedno, billed from the first call
Data residency and VPC-SCnoyes, region pinning and perimeter
Audit logging and SLAlimitedCloud Audit Logs and a published SLA
Provisioned throughputnoyes, reserved capacity
Best forprototypes, demos, small side appsregulated, high volume, production

Rows verified against Google's migrate-to-Vertex documentation for this run. Feature availability shifts, so confirm residency and provisioned throughput on the current docs before you promise them.

Read that table top down and a pattern falls out. Every row where the Developer API says no or limited is a row an enterprise cares about, and every row where it wins is a row a solo builder cares about. That is not an accident. Google built the Developer API to remove friction for the first hour and built Vertex to satisfy an auditor for the next three years. Neither is better. They are aimed at different weeks of the same project.

How the two handle authentication

Authentication is the difference you feel first, and it is the 403 in the opener. The Developer API takes an API key, a long string tied to a project that grants whoever holds it the right to call. It is fast because it skips identity. It is risky for the same reason: a key in a leaked commit is a working credential until someone rotates it, and it carries no notion of which human or service is calling.

Vertex AI authenticates with a Google Cloud identity. In development that means Application Default Credentials, or ADC, a local credential you create once by running a login command, after which the SDK finds it automatically. In production it means a service account, a non human identity with a narrow IAM role such as Vertex AI User, attached to the workload so there is no key to leak at all. Every call is then tied to a principal you can see in the audit log, revoke in one click, and scope to a single project. That is the trade: a minute of setup for an identity you can actually govern.

My take: I let people prototype with a Developer API key and I do not fight it, but the key never leaves a laptop or a secret manager, and it never ships in a container image. The day a project gets a real user it moves to a service account on Vertex, because the first security review will ask who called this model at 2am, and an API key cannot answer that question. Set the expectation early so the migration is planned, not a fire drill.

Google has been adding an express mode that lets Vertex accept an API key for a faster start, which blurs this line a little. It is handy for a quick trial, but it is not the identity model you want under production traffic, so treat it as a convenience, not the destination.

Where your data goes, and who governs it

This is the row that ends most debates, and it is the one people skip because it is boring until it is a lawsuit. The question is simple: after your prompt reaches Google, where is it processed, and can Google use it to improve its models. The answer depends on the door and, for the Developer API, on whether you are on the free tier.

On the free tier of the Gemini Developer API, Google may use your prompts and responses to improve its products. That is the price of free, and it is fine for a throwaway demo and disqualifying for anything touching customer data. On the paid tier of the Developer API, Google states it does not use your data to train its models. Vertex AI goes further: your data is not used to train Google's models, and you also get region pinning so the request is processed where you say, VPC Service Controls to keep the traffic inside a perimeter you draw, and customer managed encryption keys if you want to hold the key yourself.

ControlDeveloper API, freeDeveloper API, paidVertex AI
Prompts used to train Google modelsmay be usednot usednot used
Region pinningnonoyes
VPC Service Controlsnonoyes
Customer managed keysnonoyes

Data-use behaviour verified against Google's Gemini API terms and Vertex AI data governance docs for this run. Terms change, so re-read them before a compliance sign-off.

Gotcha: the free tier data-use rule catches teams who wired an AI Studio key into a shared internal tool to save a billing step. The moment a colleague pastes a real customer record into that tool, you have sent customer data to a tier where it can be used for training. If a Developer API key touches anything beyond your own test strings, enable billing to move it onto the paid tier the same day, or move it to Vertex.

Does the bill change between them?

Barely, and that surprises people who assume the enterprise door costs more. Both doors bill Gemini per token at rates that track each other closely, the same input and output token model we priced in Part 3. The Developer API adds a free tier the enterprise door does not have, and Vertex adds reserved-capacity options the Developer API does not, but for ordinary pay as you go traffic the per token number is close enough that price is not the deciding factor. Here is a workload priced on both.

Worked example

A small internal assistant runs 5 million input tokens and 3 million output tokens a month on Gemini 2.5 Flash. At the confirmed Vertex rates of 0.30 USD per million input and 2.50 USD per million output, that is 1.50 USD plus 7.50 USD, about 9 USD a month. On the paid Developer API the per token rates match, so the same workload lands at about 9 USD as well.

On the free Developer tier the cash cost is 0 USD, but you are rate limited and your prompts may train Google's models, so free is only free for test strings. The lesson is blunt: the paid bill is the same on both doors, so pick the door for governance, and let price fall out of that choice.

Same workload, same paid bill5M input and 3M output tokens a month on Gemini 2.5 Flash02.557.510USD per month0Developer, freecapped, trains on prompts9Developer, paid9Vertex AIPaid cost is identical, so price is never the reason to pick a door.
Free is 0 USD but rate limited and trained on. The two paid doors cost the same, which is the point.

Quotas are where the free door bites, not price. The free Developer tier caps you at a low ceiling of requests per minute, enough to build against and nowhere near enough to serve users. Paid tiers on the Developer API raise that ceiling in steps as your spend history grows. Vertex quota is per project and per model, visible in the console, and you file for an increase against a specific model in a specific region. If you have hit a wall on the free tier, that wall is a rate limit, and the fix is either enabling billing on the Developer API or moving to Vertex, not a bigger key.

One SDK, one flag to move

Here is the good news that makes the whole choice low risk. Google ships a single client library, the Google Gen AI SDK, published as google-genai, that talks to both doors. Your prompt code, your streaming, your function calling, your tool definitions all stay the same. The only thing that changes between the Developer API and Vertex is how you build the client. Google states plainly that code written for one door runs on the other, so the migration is a constructor swap, not a rewrite.

The snippet below builds both clients side by side and calls the same model through each. In real code you build one, chosen by an environment variable, so the same image runs against the Developer API in dev and Vertex in prod with no code change.

# pip install google-genai
from google import genai

# Door 1: Gemini Developer API, auth is one API key from AI Studio
dev = genai.Client(api_key='AIza...your-studio-key')

# Door 2: Vertex AI, auth is your Google Cloud identity via ADC
# run once first:  gcloud auth application-default login
vertex = genai.Client(
    vertexai=True,
    project='my-genai-project',
    location='us-central1',
)

MODEL = 'gemini-2.5-flash'   # same id works through both clients

def ask(client, prompt):
    r = client.models.generate_content(model=MODEL, contents=prompt)
    return r.text

print(ask(dev, 'Give me a one line refund policy.'))     # prototype path
print(ask(vertex, 'Give me a one line refund policy.'))  # production path

Expected output: the same kind of one line answer printed twice, because the model is identical across both clients. Only the constructor changed. Failure modes: on the Vertex client a 403 PERMISSION_DENIED means ADC is not set, so run the gcloud login line, or the Vertex AI API is not enabled on the project; a 404 means the model id does not serve from your location, so pick a region where it does. On the Developer client a 400 with API_KEY_INVALID means the key is wrong or the Generative Language API is not enabled on the key's project.

Before any production change: switching a live service from a Developer API key to a Vertex service account changes how every call authenticates. Do it in a non production project first, grant the service account the narrowest role that works, usually Vertex AI User, confirm the model serves from your required region, and roll out behind a flag so you can fall back if IAM is misconfigured.
Steps to an authenticated callfewer steps to start, more steps to govern012345setup steps2AI Studio keycreate key, paste it5Vertex, ADC + SAproject, enable API, IAM, ADC, region
The Developer key wins the first hour. Vertex spends three more steps buying an identity you can audit and revoke.

Which door for which stage of the build

The clean way to think about this is not one door versus the other, it is which door fits the stage you are at. A weekend prototype has no auditor and no users, so the Developer API key is exactly right. A pilot with real internal users has data you cannot leak, so paid Developer or Vertex. Anything with external customers or a compliance line gets Vertex, full stop. Map the door to the stage and the choice stops being a debate.

StageDoorWhy
Weekend prototypeDeveloper API, freeone key, test strings only, no users
Internal pilotDeveloper API, paid, or Vertexreal data means no training on prompts
Customer facing appVertex AIIAM, audit, quota you can raise
Regulated or high volumeVertex AIresidency, VPC-SC, reserved capacity

This is the same shape of question you hit on other clouds, where the choice is which managed service a project belongs in rather than which model. If you are comparing across providers, the Azure piece on Azure OpenAI versus Foundry versus Azure Machine Learning walks the same decision on Microsoft's stack, and the vendor neutral Generative AI guide covers the token and pricing basics under all of them.

Prototype in AI Studio, ship on Vertex AI

Here is my recommendation without the hedge. Start every Gemini idea in Google AI Studio with a Developer API key, because nothing gets you to a working call faster and the friction of Vertex setup will kill a prototype that has not proven itself yet. Keep that key on your machine, never in a repo, and only ever feed it test data. The instant the project earns real users or real data, move it to Vertex AI on a service account, because that is where IAM, region pinning, audit logs, and a raiseable quota live, and those are the things a launch actually needs. Because it is one SDK and one flag, you can make that move in an afternoon rather than a sprint.

Do not treat the free tier as a cost saving for anything real, because the training clause on your prompts is a data path, not a discount. And do not reach for Vertex on day one for a toy, because you will spend your first hour on IAM instead of on the idea. The next part goes deeper on the Vertex side of the wall, into pricing, provisioned throughput, and context caching, where the reserved capacity and cache options that the Developer door does not have start to change your bill. Your move today: find every AI Studio key in your projects and check what data has passed through it, because that audit takes ten minutes and tells you which ones need to move to Vertex this week.

Google Cloud Gen AI Series · Part 5 of 30
« Previous: Part 4  |  Guide  |  Next: Part 6 »

References

About The Author


Discover more from Journal of Intelligent Infrastructure – By Dr Pranay Jha

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

Architect’s Toolkit

About the Author

Dr. Pranay Jha is a Cloud and AI Consultant with 18+ years of experience in hybrid cloud, virtualization, and enterprise infrastructure transformation. He specializes in VMware technologies, multi-cloud strategy, and Generative AI solutions. He holds a PhD in Computer Applications with research focused on Cloud and AI, has published multiple research papers, and has been a VMware vExpert since 2016 and a VMUG Community Leader.

Discover more from Journal of Intelligent Infrastructure - By Dr Pranay Jha

Subscribe now to keep reading and get access to the full archive.

Continue reading