All sensitive API keys are stored as environment variables:

- `GROK_API_KEY`: For X.AI/Grok transformations
- `ELEVENLABS_API_KEY`: For text-to-speech synthesis
- `SPOTIFY_CLIENT_ID` and `SPOTIFY_CLIENT_SECRET`: For music discovery
API calls are routed through Netlify Functions to protect keys:

- `/api/transform`: Handles Grok API requests
- `/api/speech`: Handles ElevenLabs synthesis
- Keys never exposed in client-side code
- Create a `.env` file from `.env.example`
- Add your API keys
- Never commit `.env` to version control
- Use `.gitignore` to exclude sensitive files
- Configure environment variables in Netlify dashboard
- Keys stored securely in Netlify's environment
- Automatic HTTPS encryption
- Rate limiting and error handling included
- All requests proxy through serverless functions
- Rate limiting, with exponential backoff on retries to upstream APIs
- Error handling and recovery
- Request validation and sanitization
- No sensitive data in browser
- CORS protection
- Content Security Policy headers
- XSS prevention measures
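As an added illustration (not the project's own code), the following Netlify Function shows how the proxy, validation, backoff and CORS points above fit together for `/api/transform`. It reads `GROK_API_KEY` from the environment as described above; the upstream URL, the request body shape, the model name and the allowed origin are assumptions for the example.

```javascript
// Added example (not the project's code): a Netlify Function proxying
// /api/transform so the Grok key stays server-side. UPSTREAM_URL, the request
// shape sent upstream, the model name and ALLOWED_ORIGINS are assumptions.
const UPSTREAM_URL = "https://api.x.ai/v1/chat/completions"; // assumed endpoint
const ALLOWED_ORIGINS = new Set(["https://example.netlify.app"]); // assumed site origin
const MAX_TEXT_LEN = 4000;

// Validate and sanitize the client payload before anything reaches upstream.
function validateTransformRequest(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody || "");
  } catch {
    return { error: "body must be JSON" };
  }
  if (!body || typeof body.text !== "string" || body.text.trim() === "") {
    return { error: "text must be a non-empty string" };
  }
  if (body.text.length > MAX_TEXT_LEN) {
    return { error: `text exceeds ${MAX_TEXT_LEN} characters` };
  }
  // Drop control characters (keep \t, \n, \r) so raw junk never hits the model.
  const text = body.text.replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, "");
  return { value: { text } };
}

// Retry only on 429/5xx with exponential backoff plus jitter, honouring
// Retry-After (seconds) when upstream sends it. Other 4xx errors are not retried.
async function fetchWithBackoff(fetchImpl, url, init, opts = {}) {
  const maxAttempts = opts.maxAttempts || 4;
  const baseMs = opts.baseMs || 200;
  const sleep = opts.sleep || (ms => new Promise(r => setTimeout(r, ms)));
  for (let attempt = 1; ; attempt++) {
    const res = await fetchImpl(url, init);
    const retryable = res.status === 429 || res.status >= 500;
    if (!retryable || attempt >= maxAttempts) return res;
    const retryAfter = Number(res.headers.get("retry-after"));
    const delay = retryAfter > 0
      ? retryAfter * 1000
      : baseMs * 2 ** (attempt - 1) + Math.floor(Math.random() * 100);
    await sleep(delay);
  }
}

// CORS: reflect only an allow-listed Origin. This limits cross-site use from
// browsers; it is not authentication, so rate limiting still matters.
function corsHeaders(origin) {
  const h = {
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    Vary: "Origin",
  };
  if (ALLOWED_ORIGINS.has(origin)) h["Access-Control-Allow-Origin"] = origin;
  return h;
}

// Netlify calls handler(event, context); the third argument exists only so a
// test can inject a fake fetch and key without touching process.env.
async function handler(event, context, deps = {}) {
  const fetchImpl = deps.fetchImpl || globalThis.fetch;
  const apiKey = deps.apiKey !== undefined ? deps.apiKey : process.env.GROK_API_KEY;
  const origin = (event.headers && (event.headers.origin || event.headers.Origin)) || "";
  const headers = { ...corsHeaders(origin), "Content-Type": "application/json" };
  const reply = (statusCode, payload) => ({ statusCode, headers, body: JSON.stringify(payload) });

  if (event.httpMethod === "OPTIONS") return { statusCode: 204, headers, body: "" };
  if (event.httpMethod !== "POST") return reply(405, { error: "method not allowed" });
  if (!ALLOWED_ORIGINS.has(origin)) return reply(403, { error: "origin not allowed" });
  // Fail closed without describing the misconfiguration to the caller.
  if (!apiKey) return reply(500, { error: "server misconfigured" });
  const v = validateTransformRequest(event.body);
  if (v.error) return reply(400, { error: v.error });

  const upstream = await fetchWithBackoff(fetchImpl, UPSTREAM_URL, {
    method: "POST",
    headers: { Authorization: `Bearer ${apiKey}`, "Content-Type": "application/json" },
    // Assumed chat-completions shape; the real request body is the project's choice.
    body: JSON.stringify({ model: "grok-beta", messages: [{ role: "user", content: v.value.text }] }),
  }, { sleep: deps.sleep });
  // Never forward the upstream error body: it can carry account or key details.
  if (!upstream.ok) return reply(upstream.status === 429 ? 429 : 502, { error: "upstream request failed" });
  return reply(200, { result: await upstream.json() });
}

if (typeof module !== "undefined") {
  module.exports = { handler, validateTransformRequest, fetchWithBackoff, corsHeaders };
}
```

The key only ever appears in the `Authorization` header of the server-to-server call; the client receives the parsed upstream result and a generic error otherwise. The Origin allow-list stops other sites' pages from calling the function from a browser, but any direct HTTP client can set an Origin header, so the backoff and upstream quota are what actually bound abuse.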
- Dependencies regularly updated
- Security vulnerabilities monitored
- Code review process
- Secure coding guidelines
- Comprehensive error logging
- Security event monitoring
- Rate limit tracking
- API usage analytics
- API endpoint monitoring
- Service availability checks
- Performance metrics
- Error rate monitoring