Hi course mentors and fellow developers,
I would like to ask about some of the best practices that you use for keeping the API Key safe from being compromised or obtained via reverse engineering. For example, if you build an app that uses a Gemini AI API or OpenAI API that requires your personal API key, how would you store that API key safely and which hopefully does not involve additional costs (such as building a purpose-built backend server that stores that API key and forwards requests)?
hi @jkh.goh
The only answer I get if you don’t want to use any server storage, is first making sure your keys are not part of your codes, create a separate variable location.
further create a set limit access and monitor usuage
actually my first thought was encryption but then you said you didn’t wanted any backend server, cost related issue. So this ticks off
lastly you can assign number of request restrictions if related to any ip address for avoiding any hacking related issue.
No matter what the best no cost solution is do not share your api keys with anyone 
