Hi everyone,
I’m building a web-based tool that uses AI for text processing. To reduce server costs, I’m considering allowing users to input their own API key (e.g., for Gemini) and make API calls directly from their browser instead of routing through my server.
This approach ensures that users manage their own API usage, and I don’t store or handle any keys. However, I want to confirm whether this violates any policies, such as:
- API Usage Policies: Are there restrictions on users making direct API calls from the client side?
- Security Concerns: Since API keys would be exposed in the client browser, does this go against any guidelines?
- Fair Use & Abuse Prevention: Would this be considered a misuse of the API, even though each user is using their own key?
If anyone has experience with this or knows the official stance, I’d appreciate any insights. Thanks!