https://github.com/backmesh/backmesh
Open Source BaaS for AI apps
firebase flutter openai-api react-native
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/backmesh/backmesh
- Owner: backmesh
- License: agpl-3.0
- Created: 2024-08-01T02:37:20.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-27T19:33:55.000Z (over 1 year ago)
- Last Synced: 2025-02-27T21:09:26.130Z (over 1 year ago)
- Language: TypeScript
- Homepage: https://backmesh.com
- Size: 262 KB
- Stars: 8
- Watchers: 0
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
Backmesh
### 😵‍💫 Problem
Shipping private API keys in your app can let bad actors hijack your API account and rack up thousands of dollars in API costs.
### 🛠️ Solution
Backmesh is an open-source, thoroughly tested backend that uses military grade encryption to protect your private API key and offers an API Gatekeeper that lets your web or mobile app safely call the API using **any SDK** without exposing private API keys. Only two changes are needed in your app:
1. Replace the API URL with the Backmesh Gatekeeper URL.
2. Replace the API private key with the authenticated user's JWT.
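```js title="openai.ts"
import OpenAI from "openai";
import { createClient } from "@supabase/supabase-js";

// Placeholders: your Supabase project URL and public anon key.
const supabase = createClient("<SUPABASE_URL>", "<SUPABASE_ANON_KEY>");

// Change 1: the Backmesh Gatekeeper URL replaces the API URL.
const BACKMESH_URL =
  "https://edge.backmesh.com/v1/proxy/gbBbHCDBxqb8zwMk6dCio63jhOP2/wjlwRswvSXp4FBXwYLZ1/v1";

// Change 2: the signed-in user's JWT replaces the private API key.
const { data } = await supabase.auth.getSession();
if (!data.session) throw new Error("User must be signed in");
const jwt = data.session.access_token;

const client = new OpenAI({
  baseURL: BACKMESH_URL,
  dangerouslyAllowBrowser: true, // no longer dangerous
  apiKey: jwt,
});
```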
### 🔒 How is the LLM API protected
- *JWT Authentication:* Requests are verified with [JWTs](https://firebase.google.com/docs/auth/admin/verify-id-tokens) from the app's authentication provider so only your users have access to the LLM API via Backmesh.
- *Rate limits per user:* Configurable per-user rate limits to prevent abuse (e.g. no more than 5 OpenAI API calls per user per hour).
### 🛡️ Additional Protections for LLM APIs
- *Resource access control:* Sensitive API resources like [Files](https://platform.openai.com/docs/api-reference/files) and [Threads](https://platform.openai.com/docs/api-reference/threads) are protected so only the users that create them can continue to access them.
For more details, see the [security documentation](https://backmesh.com/docs/security).
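The per-user rate limit and resource ownership checks listed above can be sketched as a single authorization decision. This is an added example, not Backmesh's own code: `createGatekeeper`, `authorize` and `recordCreated` are hypothetical names, the JWT is assumed to have been verified already (its subject is passed in as `userId`), and in-memory maps stand in for persistent storage.

```javascript
// Added example (hypothetical names, not the Backmesh API).
// Assumes the caller has already verified the JWT and extracted its subject.
function createGatekeeper({ limit = 5, windowMs = 60 * 60 * 1000 } = {}) {
  const calls = new Map();  // userId -> timestamps (ms) of calls in the window
  const owners = new Map(); // resource id (file, thread, ...) -> creating userId

  function authorize(userId, request = {}, now = Date.now()) {
    if (!userId) {
      return { allow: false, status: 401, reason: "missing verified user" };
    }

    // Sliding window: keep only this user's calls newer than now - windowMs.
    const recent = (calls.get(userId) || []).filter((t) => now - t < windowMs);
    if (recent.length >= limit) {
      calls.set(userId, recent);
      return { allow: false, status: 429, reason: "rate limit exceeded" };
    }

    // Every attempt that reaches this point counts against the user's quota,
    // including ones rejected below, so ownership probing is rate limited too.
    recent.push(now);
    calls.set(userId, recent);

    // Ownership: a request that names a resource must come from its creator.
    // Unknown resource ids fail closed (owner is undefined).
    if (request.resourceId !== undefined) {
      if (owners.get(request.resourceId) !== userId) {
        return { allow: false, status: 403, reason: "not the resource owner" };
      }
    }
    return { allow: true, status: 200 };
  }

  // Record the creator once the upstream API returns a new resource id.
  // The first writer wins, so ownership cannot be reassigned later.
  function recordCreated(userId, resourceId) {
    if (!owners.has(resourceId)) owners.set(resourceId, userId);
  }

  return { authorize, recordCreated };
}
```

Passing `now` explicitly makes the window boundaries testable without waiting an hour.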
### ⚡️ Try out Backmesh
Get started with Backmesh using our [dashboard](https://app.backmesh.com), or, if you would like to self-host, check out the self-hosting [guide](https://backmesh.com/docs/selfhost).
### 🚀 Contribute
To contribute, visit [Contributing.md](./CONTRIBUTING.md).