Client side API Key security #122
Assignees
Labels
component:dart sdk
Issue/PR related to Dart SDK
status:triaged
Issue/PR triaged to the corresponding sub-team
type:bug
Incorrect behavior (everything from a crash to more subtle misbehavior)
Comments
singhniraj08
added
type:bug
|
@muddi900 I got tired of having to spin up a backend to use the Gemini / Anthropic / OpenAI private key API and figure out usage and error analytics per user in my apps so I created Backmesh, the Firebase for LLM APIs. It lets you safely call any LLM API from your app without a backend with analytics and rate limits per user. It might suit your use case well! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
The sdk is great. I have a working prototype of my app within 3 days. Doing everything client side is quite quick.
However, this exposes the API key to any malicious actor on the client side. Especially on the web. I can build with obfuscation, but it would still not be good security practice to embed the key in the app. I also do not want to redo everything on the server side. Especially since there aren't many dart server sdks. This would require me to do all the work from scratch again. Would it be possible to secure this client-side?
The text was updated successfully, but these errors were encountered: