orgoro
commented
1 week ago Thanks for the question
The D-ID API key is not meant to be shipped in the clientside as you said - this is a simplified example and as you said it should be placed in your backend
We have another mechanism that uses restricted client API keys that are coupled with domains and only have chat and read capabilities with certain agents
see them in the studio embed option
Hi, thanks very much for the sample. The thing that I see in DiD samples is that the key is not safely stored for example in an env file on the server. In this example also it is saved in the api.json and it can be accessed from the front-end by clients. I wanted to ask what the changes would be to store it more practically on the backend so that the key is safe. Thanks