Designing a bring-your-own-key (BYOK) architecture on iOS

BYOK means the user supplies their own provider API key. Here's the shape of it in Scowld:

• Each provider has a Keychain entry (com.scowld.apikey.<provider>).
• The UI never persists keys in UserDefaults or files.
• Requests are built on-device and sent directly to the provider — no proxy server.

The payoff: no backend to run, no keys to custody, and a privacy story that's verifiable because there's nothing in the middle.

Full source: https://github.com/apoorvdarshan/scowld