Related to this issue https://github.com/ricburton/her/issues/21, we can't include the Vapi api keys in the application bundle because it will still be easily accessible to anyone that wants to find it.
This shouldn't block open sourcing, but it should block releasing production builds or development builds if you're worried about someone finding and using your vapi api key.
The solution would be to create and host a vapi proxy server, which would act as an intermediary for requests going to and from the vapi api. Then the keys for the production or dev release would live on the proxy server. And then also, you can implement access control and rate limiting by user or device, which would be needed in a production deploy.
And then you can pass the newly created proxy api as the host to the vapi ios sdk https://github.com/VapiAI/ios/blob/main/Sources/Vapi.swift#L35, for release builds. It looks like nothing would need to change on the swift app, except to have the deployed bundle use the proxy api instead of the default one (https://api.vapi.ai/) You'd have to make sure host or device context is being sent from the sdk to the api also.
Related to this issue https://github.com/ricburton/her/issues/21, we can't include the Vapi api keys in the application bundle because it will still be easily accessible to anyone that wants to find it.
This shouldn't block open sourcing, but it should block releasing production builds or development builds if you're worried about someone finding and using your vapi api key.
The solution would be to create and host a vapi proxy server, which would act as an intermediary for requests going to and from the vapi api. Then the keys for the production or dev release would live on the proxy server. And then also, you can implement access control and rate limiting by user or device, which would be needed in a production deploy.
I think you can pretty much just deploy one of their server examples to create the proxy server - https://github.com/search?q=org%3AVapiAI+server-side&type=repositories&p=1
And then you can pass the newly created proxy api as the host to the vapi ios sdk https://github.com/VapiAI/ios/blob/main/Sources/Vapi.swift#L35, for release builds. It looks like nothing would need to change on the swift app, except to have the deployed bundle use the proxy api instead of the default one (https://api.vapi.ai/) You'd have to make sure host or device context is being sent from the sdk to the api also.