Changelog

To help you better monitor API usage and manage costs, we're introducing Configurable Consumption Notifications for your projects.

#

Key Features:

• Custom Thresholds: Define specific API call volume thresholds that trigger an alert.
• Time Intervals: Set the time window (e.g., 5 minutes, 1 hour, 1 day) over which these calls are counted.
• Email Alerts: Receive notifications (initially via email) when your project exceeds its configured threshold within the defined interval.
• Alert Fatigue Prevention: Once a notification is sent, another won't be triggered for the same project until the defined time interval has passed, even if high usage continues.

#

Benefits:

• Cost Management: Get early warnings of high usage to investigate and prevent unexpected cost escalations.
• Abuse Detection: Identify potential compromises or misuse indicated by sudden usage spikes.
• Performance Insights: Gain insights into your app's API consumption patterns.

Configure these notifications in your Project Settings within the Proxed.AI dashboard to define what constitutes high consumption for your specific application needs.

This update focuses on refining our API authentication mechanisms, with the Bearer Token method now being the primary recommended approach for authenticating your requests to Proxed.AI.

#

Bearer Token Authentication (Authorization: Bearer your-partial-key.your-token):

• Flexibility: The your-token part can be either a DeviceCheck token (for production) or a Test Key (when Test Mode is enabled for your project).
• SDK Compatibility: This format is designed for better compatibility with standard AI SDKs that primarily support the Authorization header, allowing both the partial API key and the necessary token to be transmitted in a single, standard header.
• Security: Combines the security of partial keys with DeviceCheck or the convenience of test keys in a unified manner.

#

Other Supported Methods:

• Test Key (Header): Using x-proxed-test-key and x-ai-key for development when Test Mode is active.
• Device Token (Header - Legacy): Using x-device-token and x-ai-key. We encourage migration to the Bearer token method from this legacy approach.

Refer to our API Authentication documentation for full details on each method and best practices.

We've shipped a significantly improved onboarding experience and enhanced our documentation to make getting started with Proxed.AI smoother and more intuitive.

#

Key Improvements:

• Guided Onboarding Flow: A new linear, step-by-step process guides you through:
  • Quick team creation.
  • Simplified member invitations with role selection.
  • Visual guides for DeviceCheck credential setup.
  • Smarter partial key detection and secure client-side splitting.
• Simplified DeviceCheck Configuration: Visual explanations, inline documentation for Apple credentials, and better error messaging.
• Improved Partial Key Management: Auto-detection of key types, one-time secure client-side splitting, and clearer visuals.
• Contextual Documentation: UI components now link directly to relevant documentation sections (e.g., Partial Keys, DeviceCheck).

These changes are aimed at reducing friction and helping you securely integrate AI into your iOS apps more quickly.

We are thrilled to announce the Private Beta Launch of Proxed.AI!

Our open-source platform, designed to make securing AI API integrations simple and effective for iOS developers, is now available for you to use. This launch brings together key features developed to address common security and usability challenges:

• One-URL Security Concept: Easily secure your AI API calls by routing them through Proxed.AI.
• Core Security Features: Includes robust DeviceCheck integration and our innovative Partial Key management system.
• Structured Data: Leverage the Visual Schema Builder to define and receive structured, validated responses from AI models.
• Initial Analytics: Monitor API usage and track performance via the dashboard.
• Open Source Commitment: Our codebase is on GitHub, and we welcome community involvement.

We're launching with initial support for OpenAI and Anthropic APIs, with more to come.

#

Get Started During Beta:

• Free Tier: Available for up to 1,000 API calls/month.
• Pro & Ultimate Tiers: For higher usage needs.
• Explore the Documentation and GitHub Repository.

This is a significant milestone, and we look forward to your feedback as we continue to evolve Proxed.AI!

This update provides more insight into our multi-layered security approach for API key management and token generation.

#

Core Security Layers:

1. Split-Key Architecture: API keys are cryptographically split. The server part is stored securely within Proxed.AI infrastructure, while the client part (with metadata including version and a unique split ID) resides on the device. Both are required for key reconstruction, which only happens momentarily during request processing.
2. Apple DeviceCheck Integration: Every API request requires a valid DeviceCheck token, cryptographically signed by Apple, ensuring requests originate from genuine iOS devices running your application.
3. Client-Side Key Splitting: The process of splitting keys, generating cryptographic salt, and embedding metadata is designed to happen client-side, further minimizing exposure.

This system ensures that no single location holds a complete API key and that only verified devices can initiate requests, forming the foundation of our zero-trust key management strategy.

We're excited to roll out the Visual Schema Builder, a powerful new tool within the Proxed.AI dashboard designed to make working with structured LLM responses more intuitive and efficient.

#

Key Capabilities:

• Visual Schema Design: Utilize a drag-and-drop interface to construct your desired LLM response schemas.
• Import & Export: Seamlessly import existing schemas (e.g., from JSON examples or Zod code) and export ready-to-use validation code (Zod schemas, Swift structs).
• Real-time Validation: Get instant feedback, type checking, and validation for required fields and custom rules as you design.
• Code Generation: Automatically generate Zod schemas for runtime validation and Swift structs for your iOS client applications.
• Advanced Features: Support for nested objects, arrays, enums, optional fields, default values, and custom descriptions to guide the LLM.

This tool aims to simplify the process of ensuring your AI model outputs are predictable, reliable, and easily integrable into your applications.

We're excited to announce the formal start of the Proxed.AI project!

Our core mission is to address the complexities and security concerns developers face when integrating AI models into iOS applications. Proxed.AI is envisioned as an open-source, secure gateway for AI calls on iOS.

#

Initial Focus & Core Concepts:

• Secure Key Management: Designing a robust system to protect API keys from client-side exposure.
• DeviceCheck Integration: Leveraging Apple's DeviceCheck to verify genuine iOS devices and prevent unauthorized requests.
• Structured Responses: Enabling developers to define schemas for predictable and validated AI outputs.
• Usage Tracking: Providing tools to monitor API usage for cost management and performance optimization.

Proxed.AI will be developed as an open-source platform. You can follow our progress and contribute on GitHub.

This marks the beginning of our efforts to build a comprehensive solution for secure and efficient AI integration on iOS.