I made a terrible mistake, and you are probably doing it too



I made a terrible mistake.

When my apps were developed, I ensured efficiency while sacrificing quality, and I was OK with that.

However, I didn't examine app security thoroughly, especially when using AI APIs like OpenAI.

Unfortunately, this error cost me some money.

I will share the issue and a solution so you won't make the same mistake I did, and so you can save money.

Using AI in mobile apps

When using AI on mobile, you have no choice but to include the API key somewhere to make a call to the API.

However, did you know that an API key stored inside your app is easily retrievable by someone?

Someone can effectively take your app and access its content. The API key is easily retrievable from the app even if it's already in the App Store.

We will not cover how it is done. What matters is to keep it in mind and find a solution to protect your API key and AI credits.

What happens API key = money saved

If you can protect your API Key, you will save money. If someone knows your app uses AI, they will likely check it and steal your key.

I saw some iOS developers whose API keys were stolen without them noticing. They lost hundreds of dollars because once their API key was discovered, someone would use it indefinitely.

The worst part? When you find out that someone is stealing your credits, it is already too late. You have lost money and cannot get it back.

You can put money back, but someone else will likely use it.

Secure API key = money saved

So, how do you prevent someone from stealing your API Key? Well, you can act on the AI platform, like OpenAI, by limiting some parameters:

  • Disable auto-recharge: When your credits are near 0, the platform will not bill you for new credits. To do it in OpenAI, go to this link > Settings > Billing.
  • Set limits: You can set a monthly limit for usage. For example, you can cap your credit spend at $20 / month, not more. In OpenAI, go to this link > Settings > Limits.
  • Have a relay server: This server holds your API key, so you don't have to store it in your app. The server only exposes a route that your app calls; it forwards the request to OpenAI and sends the response back to your app.
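A minimal sketch of the relay idea from the last bullet, as an added example (not Swift Maker's relay and not code from this post). The `/chat` route, the pinned model, the token cap, the per-IP rate limit and the `OPENAI_API_KEY` environment variable are assumptions chosen for illustration.

```python
import json, os, time, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
UPSTREAM = "https://api.openai.com/v1/chat/completions"
MODEL = "gpt-4o-mini"   # assumption: the single model the app needs
MAX_TOKENS = 300        # assumption: per-request output cap
RATE = 20               # assumption: requests per client IP per minute
API_KEY = os.environ.get("OPENAI_API_KEY", "")  # lives only on the server
_hits = {}              # client id -> timestamps of recent requests

def allow(client, now):
    """Sliding one-minute window so a single client cannot drain the credits."""
    recent = [t for t in _hits.get(client, []) if now - t < 60]
    ok = len(recent) < RATE
    _hits[client] = recent + [now] if ok else recent
    return ok

def build_upstream(body, api_key):
    """Keep only the chat messages; model, token cap and key are set server-side."""
    messages = json.loads(body)["messages"]
    if not isinstance(messages, list) or not messages:
        raise ValueError("messages must be a non-empty list")
    payload = {"model": MODEL, "max_tokens": MAX_TOKENS, "messages": messages}
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    return urllib.request.Request(UPSTREAM, json.dumps(payload).encode(), headers)

class Relay(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/chat":
            return self._send(404, b'{"error":"not found"}')
        if not allow(self.client_address[0], time.time()):
            return self._send(429, b'{"error":"rate limited"}')
        try:
            raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            with urllib.request.urlopen(build_upstream(raw, API_KEY), timeout=30) as r:
                self._send(r.status, r.read())
        except (ValueError, KeyError, TypeError):   # malformed client request
            self._send(400, b'{"error":"bad request"}')
        except OSError:   # urllib HTTPError/URLError/timeouts; details stay server-side
            self._send(502, b'{"error":"upstream error"}')

    def _send(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), Relay).serve_forever()
```

Because the relay rebuilds the upstream payload itself, a caller cannot switch to a more expensive model or raise the token cap, and the rate limit bounds what any one client can spend even though the route is reachable from the app.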

I recommend setting up at least 2 of the previous solutions to get a good night's sleep without worrying too much about a potential theft of your API key.

Fortunately, Swift Maker contains a ready-to-use relay server in Swift to protect your API keys. Don't hesitate to check it out before the end of the pre-sale!


Whenever you are ready, there is 1 way I can help you
Swift Maker (30% off until next Wednesday): The Ultimate SwiftUI Boilerplate Booster for iOS Developers that helps you ship apps during your 9-5 job.
