API Calls, Keys and Security
Hello, I've recently joined the movement 🙂 and been working daily in Toddle, but I have a couple of questions:

1. By default, are the API calls made client-side or server-side in Toddle?
2. If the API I'm using requires authentication, can I simply use it in Toddle? Will the authentication be handled server-side or client-side? If it's client-side, what's the best practice for storing the API key securely? Is storing it in a cookie the best approach, or are there other methods you would recommend?

Thanks for your help!

1) As of now, APIs with "auto fetch" turned on AND at a page level are fetched server-side. APIs in components always run client-side. This, however, will change in the upcoming update to APIs, which will give you the option of choosing when the API runs, regardless of whether it is at page or component level.

If you don't proxy the call, the session cookie won't be sent. You cannot read these cookies client-side as they are typically HTTP-only.

If you are referring to an API key like, say, for OpenAI or similar, those are not securely stored anywhere and would be available client-side.

So best practice is to make those types of requests from a backend.
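
The advice in the last reply, sketched as an added example (not part of the original thread and not Toddle's own code): backend proxy logic that attaches the third-party API key server-side, so the browser never holds it. The upstream URL, the allowed path and the `UPSTREAM_API_KEY` variable name are assumptions for illustration.

```javascript
// Added example: server-side proxy logic that keeps a third-party API key off the client.
// UPSTREAM_BASE, ALLOWED_PATHS and the UPSTREAM_API_KEY name are assumptions.
const UPSTREAM_BASE = "https://api.example.com"; // placeholder upstream
const ALLOWED_PATHS = new Set(["/v1/chat/completions"]); // only what the app needs
const FORWARDED_HEADERS = ["content-type", "accept"]; // never cookie or authorization

// Build the outbound request. The browser never supplies or sees the key.
function buildUpstreamRequest(clientReq, env) {
  if (!env.UPSTREAM_API_KEY) throw new Error("UPSTREAM_API_KEY not configured");
  if (clientReq.method !== "POST" || !ALLOWED_PATHS.has(clientReq.path)) {
    return null; // not an open relay: reject anything outside the allow-list
  }
  const headers = {};
  for (const [name, value] of Object.entries(clientReq.headers || {})) {
    const lower = name.toLowerCase();
    if (FORWARDED_HEADERS.includes(lower)) headers[lower] = value;
  }
  // Attached on the server only; any client-sent Authorization was dropped above.
  headers.authorization = `Bearer ${env.UPSTREAM_API_KEY}`;
  return {
    url: UPSTREAM_BASE + clientReq.path,
    init: { method: "POST", headers, body: clientReq.body },
  };
}

// Forward the call and hand back only status and body, so no upstream header
// (which could echo credentials) reaches the browser.
async function proxy(clientReq, env, fetchImpl = fetch) {
  const out = buildUpstreamRequest(clientReq, env);
  if (out === null) return { status: 404, body: JSON.stringify({ error: "not found" }) };
  const res = await fetchImpl(out.url, out.init);
  return { status: res.status, body: await res.text() };
}
```

In a real deployment `env` would be `process.env` (or the platform's secret store) and `proxy` would sit behind the app's own session check, so that only signed-in users can spend the key.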