The latest articles on DEV Community by Alper San (@aprsn). https://dev.to/aprsn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3760557%2Fe0c84b2a-d424-4017-acf1-e7921fe315ee.png https://dev.to/aprsn en Alper San Sun, 08 Feb 2026 19:52:35 +0000 https://dev.to/aprsn/stop-building-backends-just-to-hide-one-api-key-32me https://dev.to/aprsn/stop-building-backends-just-to-hide-one-api-key-32me <p>You're building the next big AI wrapper or a sleek Single Page Application (SPA). You have your OpenAI key, your frontend is ready in React/Vue/Svelte, and you're about to ship.</p> <p>But wait. 🛑</p> <p><strong>You can't put sk-proj-... in your client-side code</strong>. Everyone knows that.</p> <p><strong>So now you have to:</strong></p> <ol> <li>Spin up a Node/Express server (or a Next.js API route).</li> <li>Set up CORS.</li> <li>Deploy it (Vercel/Heroku/EC2).</li> <li>Maintain it.</li> <li>Pay for it. Just to make one API call? That feels like overkill.</li> </ol> <p>The Problem with "Backend for Frontend"</p> <p>For simple integrations (AI agents, weather apps, payment links), building a dedicated backend service introduces unnecessary friction. You spend more time configuring IAM roles and middleware than actually building your product.</p> <p>But exposing keys is not an option. Bots scrape GitHub and public repos instantly. Your $500 credit could vanish in seconds. 💸</p> <p>The Solution: A Secure Proxy Layer</p> <p>What if you could keep your frontend code clean but still protect your keys?</p> <p>That's why I built SaltingIO. It acts as a secure "Salt Layer" between your frontend and the API provider.</p> <h2> How it works: </h2> <ol> <li> <strong>Paste your raw API key</strong> (OpenAI, Anthropic, Stripe, etc.) into the Salting dashboard. We encrypt it instantly. 🔒</li> <li> <strong>Get a Bridge URL</strong>. We give you a unique endpoint like <a href="https://api.salting.io/r/your-bridge-id" rel="noopener noreferrer">https://api.salting.io/r/your-bridge-id</a>.</li> <li> <strong>Ship</strong>. Use that URL in your frontend fetch() call. No backend required. Example: Secure OpenAI Call in React</li> </ol> <p><strong>Before (Insecure ❌):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const response = await fetch('https://api.openai.com/v1/chat/completions', { headers: { 'Authorization': 'Bearer sk-proj-12345...' // EXPOSED! } }); </code></pre> </div> <p><strong>After (Secure ✅):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const response = await fetch('https://api.salting.io/r/your-bridge-id', { method: 'POST', body: JSON.stringify({ model: 'gpt-4', messages: [...] }) }); </code></pre> </div> <h2> Why This Matters for Indie Hackers </h2> <p>• <strong>Speed</strong>: Ship in minutes, not hours.</p> <p>• <strong>Security</strong>: Your keys never leave our encrypted vault.</p> <p>• <strong>Control</strong>: Set rate limits per user (e.g., "Max 10 requests/day per IP"). Prevent abuse without writing a single line of Redis code.</p> <p>• <strong>Analytics</strong>: See exactly who is using your API and how much.<br> I built this because I was tired of setting up lambdas for every side project. If you're building in public or shipping fast, give it a try.</p> <p>👉 Secure your API Keys with SaltingIO</p> <p><a href="https://salting.io" rel="noopener noreferrer">Stop Building Backends for Simple API Calls</a></p> indiehacker webdev api