How do I secure my serverless function that makes my API call?

[newbie] I created a serverless function on digital ocean but it seems the call to that is visible in the client. How can I restrict anyone who can see that call from being able to send a request to the server side function address they see in the client code?

Welcome @KellyEllie

You can use authentication, rate-limiting, CORS, or a combination of all of these depending on your use case to make sure that your serverless function isn’t used in an unintended manner.

Which endpoints are you consuming on the OpenAI API?

1 Like

I’d also look into CDNs to help avoid DoS. Free tiers still exists, but you’ll need to see if it meets your needs. The DO addresses I used in the past were frequently attacked. So banning address ranges was all I could do at the time.