Currently, in order to protect the API secret, the API has to be called from the backend.
This is not ideal because some requests take a long time (10+ seconds), streaming responses are harder and it adds complexity. It will be faster and simpler if requests are made directly from the browser.
Other services like AWS S3 or Backblaze B2 solve this issue by signing the request with the secret in the backend and returning it to the browser, which makes the request. For example:
- Send the message you want to send to ChatGPT to the backend and it will return a hash of that message signed using the secret key.
- Use the hash to make a request to the API directly.
To find the docs on how AWS does it, search Google for: aws presigned url request s3 upload
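
The signing flow described above, sketched as an added example that is not part of the original post and is not the actual scheme of AWS, Backblaze or any API provider. The function names, the `/v1/chat` path, the signed field layout and the demo secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo secret; it is known only to the backend and the API, never the browser.
API_SECRET = b"demo-secret-not-a-real-key"


def _signing_input(method: str, path: str, body: bytes, expires: int) -> bytes:
    # Bind the signature to the exact request: verb, path, body digest and expiry.
    body_digest = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_digest, str(expires)]).encode()


def presign(secret: bytes, method: str, path: str, body: bytes,
            ttl: int = 60, now: Optional[int] = None) -> dict:
    """Backend side: return the expiry and signature the browser forwards to the API."""
    expires = (int(time.time()) if now is None else now) + ttl
    sig = hmac.new(secret, _signing_input(method, path, body, expires),
                   hashlib.sha256).hexdigest()
    return {"expires": expires, "signature": sig}


def verify(secret: bytes, method: str, path: str, body: bytes,
           expires: int, signature: str, now: Optional[int] = None) -> bool:
    """API side: recompute the HMAC and reject expired or altered requests."""
    current = int(time.time()) if now is None else now
    if current > expires:
        return False
    expected = hmac.new(secret, _signing_input(method, path, body, expires),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the signature matched.
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    body = b'{"message": "Hello"}'  # constructed sample request body
    token = presign(API_SECRET, "POST", "/v1/chat", body, ttl=60, now=1_700_000_000)
    # Same body inside the validity window: accepted.
    print(verify(API_SECRET, "POST", "/v1/chat", body, now=1_700_000_030, **token))
    # Body changed in the browser after signing: rejected.
    print(verify(API_SECRET, "POST", "/v1/chat", b'{"message": "Other"}',
                 now=1_700_000_030, **token))
```

A signature stays valid for any number of identical requests until it expires, so the backend should authenticate the user before signing and keep the TTL short.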