Juanjo Valiño
WrapfastHidde van der Ploeg
HelmJames Rochabrun
SwiftOpenAISam McGarry
CueTirupati Balan
Amigo FinanceLuca Lupo
iirc_aiMario
Wedding Speech AIShihab Mehboob
BulletinSecurity, observability and control.
Key security and DeviceCheck.
AIProxy uses a combination of split key encryption and DeviceCheck to prevent your key and endpoint from being stolen or abused.
Monitor usage on our dashboard.
Our dashboard helps you keep an eye on your usage and get a deeper understanding of how users are interacting with AI in your app.
Model overrides and rate limits.
Want to change your API calls from gpt-3.5-turbo to gpt-4o? No problem! You can change models and rate limits right from the dashboard without updating your app.
Test API calls with live console.
Use the live console to test your OpenAI calls from your app. Find errors and get a better understanding of performance.
Alerts to keep you alert.
Get alerts when there's suspicious activity so you can take quick action.
Built to scale.
Built on AWS, our service horizontally scales to meet demands.
About Us
Lou Zell
Engineer
Lou is an engineer with over a decade of experience building mobile apps. He previously led the telematics team at Lyft and specializes in iOS development.
Follow on 𝕏Todd Hamilton
Design Engineer
Todd Hamilton is a design engineer who previously worked at Meta for the last 10 years. He specializes in product design, front-end development, and prototyping.
Follow on 𝕏Not sure if your API key is secure?
We'll conduct a free security audit of your app.
FAQs
Have more questions?
No, we don't actually store any customer OpenAI keys. Instead, we encrypt your key and store one part of that encrypted result in our database. On its own, this message can't be reversed into your secret key. The other part of the encrypted message is sent up with requests from your app. When the two pieces are married, we derive your secret key and fulfill the request to OpenAI.
The key we provide you is useless on its own and can be hardcoded in your client. When you add an OpenAI key in our dashboard we don't store it on our backend. We encrypt your key and store only half, and give you the other half which you use in your client. We combine these two pieces and decrypt when a request gets made.
We have multiple mechanisms in place to restrict endpoint abuse:
1. Your AIProxy project comes with proxy rules that you configure. You can enable
only endpoints that your app depends on in the proxy rules section. For example, if your app
depends on /v1/chat/completions, then you would permit the proxying of requests to that
endpoint and block all others. This makes your enpdoint less desireable to attackers.
2. We use Apple's DeviceCheck service to ensure that requests to AIProxy originated from your
app running on legitimate Apple hardware.
3. We guarantee that DeviceCheck tokens are only used once, which prevents an attacker from
replaying a token that they sniffed from the network.
The proxy is deployed on AWS Lambda, meaning we can effortlessly scale horizontally behind a load balancer.
Upon configuring your project in the developer dashboard, you'll receive initialization code to drop into the SwiftOpenAI client. Alternatively, you can use a bootstrap product like WrapFast.