Protect Your API Keys from Reverse Engineering
ProtectMyAPI is a secure API proxy that protects your mobile app's API keys from extraction through reverse engineering. Using device attestation (Apple App Attest & Google Play Integrity), we ensure only legitimate app instances can access your protected APIs.
New to ProtectMyAPI? Get started in 5 minutes with our Quick Start Guide.
The Problem We Solve
When you build mobile apps that use AI services (OpenAI, Anthropic) or payment APIs (Stripe), you face a critical security challenge:
- API keys in apps can be extracted through reverse engineering
- Obfuscation doesn't work - determined attackers will find your keys
- Stolen keys lead to financial loss from unauthorized usage
- Your accounts can be terminated by API providers for abuse
How ProtectMyAPI Works
Device Attestation
Every request is verified using Apple App Attest (iOS) or Google Play Integrity (Android) to ensure it comes from a genuine, uncompromised device running your authentic app.
Secure Secret Storage
Your API keys are stored encrypted (AES-256) on our servers, never in your mobile app. Attackers can't steal what isn't there.
Proxied Requests
When your app makes an API call, we verify the device, inject the credentials server-side, and forward the request to the target API. Your app never sees the actual API key.
Zero Trust
Every single request must prove its legitimacy. No exceptions, no shortcuts.
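A minimal sketch of the proxy step described under Proxied Requests and Zero Trust, added here as an example and not ProtectMyAPI's own code. The endpoint table, `build_upstream_request`, and the `attested` flag (standing in for the outcome of App Attest or Play Integrity verification, which is not implemented here) are assumptions.

```python
# Added illustration; not ProtectMyAPI's implementation.
from dataclasses import dataclass

# Hypothetical server-side endpoint table. The secret lives only here
# (constructed placeholder value), never in the mobile app.
ENDPOINTS = {
    "openai-chat": {
        "url": "https://api.openai.com/v1/chat/completions",
        "auth_header": "Authorization",
        "secret": "Bearer sk-CONSTRUCTED-PLACEHOLDER",
    },
}

# Headers a client must never be able to set on the upstream call.
STRIP = {"authorization", "x-api-key", "api-key", "host", "cookie"}


class Rejected(Exception):
    """Request refused before any credential is touched."""


@dataclass
class Upstream:
    url: str
    headers: dict
    body: bytes


def build_upstream_request(endpoint, client_headers, body, attested):
    # Zero trust: a positive attestation verdict is required on every
    # request; nothing is carried over from an earlier call.
    if attested is not True:
        raise Rejected("attestation failed")
    cfg = ENDPOINTS.get(endpoint)
    if cfg is None:
        # Only pre-configured endpoint names are forwarded, so a client
        # cannot choose an arbitrary upstream URL to receive the key.
        raise Rejected("unknown endpoint")
    # Drop credential-bearing and routing headers supplied by the client.
    headers = {k: v for k, v in client_headers.items() if k.lower() not in STRIP}
    # Inject the real credential last so it cannot be overridden.
    headers[cfg["auth_header"]] = cfg["secret"]
    return Upstream(cfg["url"], headers, body)
```

The returned `Upstream` object is what the proxy would send on; the secret should also be kept out of logs and out of any error body returned to the app.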
Platform SDKs
- iOS SDK: Swift SDK with Apple App Attest integration. Supports iOS 14+.
- Android SDK: Kotlin SDK with Google Play Integrity. Supports Android 5.0+.
- Flutter SDK: Cross-platform Dart SDK. Works on both iOS and Android.
- React Native SDK: TypeScript SDK for React Native apps.
Supported AI Providers
ProtectMyAPI supports 20+ AI providers out of the box:
| Category | Providers |
|---|---|
| Language Models | OpenAI, Anthropic, Google AI, Mistral, Groq, Cohere |
| Image Generation | Stability AI, DALL-E, Midjourney (via API), Replicate |
| Voice & Audio | ElevenLabs, OpenAI Whisper, AssemblyAI |
| Search & Data | Perplexity, Brave Search, Wolfram Alpha |
| Specialized | DeepSeek (code), Together AI, Fireworks AI |
Quick Integration Example
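```swift
// iOS - Swift
import Foundation
import ProtectMyAPI

// Minimal model for the fields read below; adjust it to the response you use
struct ChatResponse: Decodable {
    struct Choice: Decodable {
        struct Message: Decodable { let content: String }
        let message: Message
    }
    let choices: [Choice]
}

// Configure once at app launch (the app token is not the provider API key)
ProtectMyAPI.configure(appToken: "apt_your_token_here")

// Make secure API calls (call from an async, throwing context)
let response = try await ProtectMyAPI.shared.request(
    endpoint: "openai-chat",
    method: .post,
    body: [
        "model": "gpt-4",
        "messages": [
            ["role": "user", "content": "Hello, world!"]
        ]
    ]
)

// Use the response
if let data = response.data {
    let json = try JSONDecoder().decode(ChatResponse.self, from: data)
    print(json.choices.first?.message.content ?? "")
}
```
Why Choose ProtectMyAPI?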
| Feature | ProtectMyAPI | DIY Backend | API Key in App |
|---|---|---|---|
| Key extraction protection | Full | Full | None |
| Device verification | Native | Manual | None |
| Setup time | 5 minutes | Days/Weeks | Instant |
| Maintenance | Managed | You | None |
| Cost | Pay per use | Server costs | Free (risky) |
Security Features
- Apple App Attest - Cryptographic proof of genuine iOS devices
- Google Play Integrity - Verification for Android devices and apps
- AES-256 Encryption - Secrets encrypted at rest
- TLS 1.3 - All traffic encrypted in transit
- Certificate Pinning - Built into SDKs to prevent MITM attacks
- Jailbreak Detection - Block compromised devices
- Rate Limiting - Prevent abuse and control costs
Pricing
| Plan | Price | Requests/Month | Apps |
|---|---|---|---|
| Free | $0 | 1,000 | 1 |
| Pro | $29/mo | 50,000 | Unlimited |
| Business | $99/mo | 500,000 | Unlimited |
| Enterprise | Custom | Unlimited | Unlimited |
Get Started
- Quick Start Guide: Get up and running in 5 minutes
- How It Works: Understand the security architecture
- Dashboard Guide: Configure your apps and endpoints
- Troubleshooting: Common issues and solutions
Need Help?
- FAQ - Common questions answered
- Troubleshooting - Fix common issues
- Discord - Community support
- [email protected] - Direct support