Best practice for calling 3P APIs with private credentials from SvelteKit SPA on Appwrite Sites
- Web
- Sites
- Cloud
- Functions
- REST API

Hey everyone! Looking for guidance on the recommended approach for securely calling third-party APIs from my Appwrite-hosted application.

Current Setup:

- SvelteKit application running as a SPA (client-side only)
- Deployed on Appwrite Sites
- Using Appwrite for auth and database

What I need to do: I need to make API calls to external services (e.g., payment processors, data providers) that require private API keys/credentials. Obviously, I can't expose these credentials in my client-side code.

What I'm considering:

- Using Appwrite Functions as a proxy/backend to store credentials and make the API calls
- Converting my SvelteKit app to SSR (a much larger overhaul of the codebase including auth migration which I'd like to avoid if possible)
- Some other Appwrite-native solution I'm not aware of?

Questions:

- What's the recommended pattern within the Appwrite ecosystem for this use case?
- If Appwrite Functions is the way to go, are there any examples or best practices for using them as an API proxy?
- Are there any performance or rate limit considerations I should be aware of?
- Should I be looking at a different Appwrite deployment option altogether?

Would appreciate any insights from those who've solved similar problems. Thanks!
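
A sketch of the Functions-as-proxy option listed in the post, added here as an example; it is not part of the original post and not Appwrite's own code. It assumes a Node runtime, a function environment variable named `PAYMENTS_API_KEY`, and a made-up upstream `api.payments.example` with two made-up actions. The private key stays in the function, the caller must be signed in, and the client can only pick from a fixed list of upstream calls.

```javascript
// Added example, not from the thread. Hypothetical names: PAYMENTS_API_KEY,
// api.payments.example, and the two actions below.
const UPSTREAM = 'https://api.payments.example';
// Fixed allowlist: the client names an action, never a URL, path or header.
const ACTIONS = {
  createIntent: { method: 'POST', path: '/v1/intents', fields: ['amount', 'currency'] },
  getIntent: { method: 'GET', path: '/v1/intents/:id', fields: [] },
};

// Pure policy function, testable without network access.
function buildUpstreamRequest(headers, body, apiKey) {
  // Appwrite sets x-appwrite-user-id when a signed-in user triggers the execution.
  if (!headers['x-appwrite-user-id']) return { status: 401, error: 'sign in required' };
  if (!body || typeof body !== 'object') return { status: 400, error: 'bad body' };
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, body.action)) return { status: 400, error: 'unknown action' };
  const action = ACTIONS[body.action];
  let path = action.path;
  if (path.includes(':id')) {
    if (!/^[A-Za-z0-9_]{1,64}$/.test(String(body.id))) return { status: 400, error: 'bad id' };
    path = path.replace(':id', body.id);
  }
  // Copy only the expected fields; anything else the client sent is dropped.
  const payload = {};
  for (const f of action.fields) payload[f] = body[f];
  return {
    status: 200,
    url: UPSTREAM + path,
    init: {
      method: action.method,
      headers: { authorization: `Bearer ${apiKey}`, 'content-type': 'application/json' },
      body: action.method === 'GET' ? undefined : JSON.stringify(payload),
    },
  };
}

// Appwrite Function entry point; make this the default export of the entry file.
async function handler({ req, res, error }) {
  let body;
  try { body = req.bodyJson; } catch { return res.json({ error: 'invalid JSON' }, 400); }
  const plan = buildUpstreamRequest(req.headers, body, process.env.PAYMENTS_API_KEY);
  if (plan.error) return res.json({ error: plan.error }, plan.status);
  try {
    const upstream = await fetch(plan.url, plan.init);
    return res.json(await upstream.json(), upstream.status);
  } catch (e) {
    error(String(e)); // log server-side only; the key never reaches the client
    return res.json({ error: 'upstream unavailable' }, 502);
  }
}
```

The SPA would invoke this through the Appwrite Web SDK's `functions.createExecution`, so the execution carries the signed-in user's identity.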
