Storing secret keys

Connections are secured using AES-256-GCM encryption.

When connecting to third-party services such as OpenAI, you must include an API key in the request. This token is used to identify you and track usage so you can be billed accordingly.

Including an API key in client-side JavaScript code is extremely dangerous!

Using Alphi connections, you can securely store your API keys in the cloud and reference them within your flow.

It is important to remember that Alphi flows are public by default, so whilst your keys are secure, a malicious user could abuse your quota limits. We recommend integrating an authentication service such as Outseta or Memberstack to secure your flows.

Last updated