Introduction
Securely call APIs directly from your mobile or web app using any SDK without exposing private API keys. Only two changes are needed in your app:
- Replace the API URL with the Backmesh Gatekeeper URL.
- Replace the private key with the authenticated user's JWT.
```javascript
import OpenAI from "openai";
import { createClient } from "@supabase/supabase-js";

// Gatekeeper URL from the Backmesh dashboard; it replaces the provider's API URL (change 1).
const BACKMESH_URL =
  "https://edge.backmesh.com/v1/proxy/gbBbHCDBxqb8zwMk6dCio63jhOP2/wjlwRswvSXp4FBXwYLZ1/v1";

// Supabase project URL and public anon key (placeholders); the anon key is safe to ship in a client.
const supabase = createClient("https://<project>.supabase.co", "<anon-key>");
const { data: { session } } = await supabase.auth.getSession();
const jwt = session.access_token; // the signed-in user's JWT stands in for the private key (change 2)

const client = new OpenAI({
  baseURL: BACKMESH_URL,
  dangerouslyAllowBrowser: true, // no longer dangerous: the private key never reaches the browser
  apiKey: jwt,
});
```
What is Backmesh
Backmesh is an open-source, thoroughly tested backend that uses military-grade encryption to protect your LLM API key and offers an API Gatekeeper that lets your app call the API safely.
How is the API protected
- 🛡️ JWT Authentication: Requests are verified with JWTs from the app's authentication provider so only your users have access to the LLM API via Backmesh Gatekeeper.
- 🚧 Rate limits per user: Configurable per-user rate limits to prevent abuse (e.g. no more than 5 OpenAI API calls per user per hour).
- 🔐 API resource access control: Sensitive API resources like Files and Threads are protected so only the users that create them can continue to access them.
For more details, see the security documentation.
LLM Private Key APIs Supported:
Backmesh implements resource-level access control for sensitive LLM API resources, such as Files and Threads. This ensures that only the users who create these types of resources can continue to access them.
- OpenAI
- Gemini
- Anthropic
- Cloudflare Workers AI
Authentication Providers Supported:
- Supabase
- Firebase
Leave a comment on Discord if your authentication provider is not supported or if your LLM API needs specific access controls.
API Usage per user without SDKs
Backmesh automatically instruments all requests so you can understand API usage across your users, e.g. error rates, costs, and response times. Please leave a comment on Discord with more information about which API endpoints you are using and what analytics you would like to see.
Hosting Options
Backmesh is open source and can be self-hosted in your own Cloudflare account, which includes a generous free tier. We also offer a hosted SaaS with different pricing plans. Note that API analytics are displayed only in the SaaS dashboard.