glad dew
Good Day,
I've noticed many threads on twitter about how there are many instances of iOS developers leaving their API key in the source code of their apps and them being hijacked via hackers digging into the binary.
Is there a recommended approach for securely handling api requests which OpenAI suggests taking for the development of products leveraging the API?
dark topaz
Let the app talk to your own API, which holds the OpenAI API key.
Preferable require users to somehow register so you can track which user uses your API.
That's the industry standard 😉
faint moss
Yup! App talks to your middleman API only if there is a valid user account and session, the middleman API forwards the request to OpenAI