API Services
API Services (also called Endpoints) define the external APIs your app can call through ProtectMyAPI. Each service specifies where requests go and how authentication is handled.
🔌
How it works: Your app calls ProtectMyAPI → We inject your API key → Forward to the target API → Return the response. Your API key never touches the device.
Service Types
Prebuilt Providers
One-click setup for 20+ popular APIs:
| Category | Providers |
|---|---|
| AI Chat | OpenAI, Anthropic, Google Gemini, Mistral, Groq, DeepSeek |
| Image Generation | Stability AI, DALL-E, Replicate, Fal.ai |
| Voice & Audio | ElevenLabs, OpenAI Whisper, OpenAI TTS |
| Search | Brave Search, Perplexity |
| Translation | DeepL |
| Other | Open-Meteo (Weather), OpenRouter |
Custom Endpoints
Create your own endpoints for any REST API.
Creating a Service
Go to API Services
- Click “API Services” in the sidebar
- Click “Create Service”
Choose Service Type
Using a prebuilt provider:
- Browse or search for your provider
- Click on the provider card
- Select which endpoints you need:
- OpenAI: Chat, Images, Audio, Embeddings
- Anthropic: Messages
- etc.
- Link your API key (from Secrets)
- Click “Create”
Link to Apps
- Go to Apps → Select your app
- Click “Linked API Services” tab
- Click “Link Service”
- Select the service you created
- Save
Authentication Types
| Auth Type | Header/Query | Example |
|---|---|---|
| Bearer Token | Authorization: Bearer {key} | OpenAI, Anthropic |
| API Key Header | X-Api-Key: {key} | Anthropic alternative |
| API Key Query | ?api_key={key} | Some legacy APIs |
| Basic Auth | Authorization: Basic {base64} | Username/password APIs |
| None | No auth added | Public APIs |
Configuring Authentication
- Select the Auth Type
- Choose the Secret containing your API key
- For custom headers, specify the Header Name
Auth Type: API Key Header
Header Name: X-Custom-Auth
Secret: MY_API_KEY
Result: X-Custom-Auth: sk-abc123...Service Settings
General Settings
| Setting | Description |
|---|---|
| Name | Display name in dashboard |
| Slug | Identifier used in SDK calls |
| Description | Optional notes |
| Target URL | Destination API endpoint |
Request Settings
| Setting | Default | Description |
|---|---|---|
| Timeout | 30s | Max wait time for response |
| Method | POST | HTTP method |
| Cache Enabled | Off | Cache responses (for GET) |
| Circuit Breaker | Off | Auto-disable on repeated failures |
Secret Binding
Link multiple secrets for complex auth:
Primary: OPENAI_API_KEY → Authorization header
Secondary: ORG_ID → OpenAI-Organization headerUsing Services in Code
By Slug
// iOS - Call by slug
let response = try await ProtectMyAPI.shared.request(
endpoint: "openai-chat", // ← The slug
method: .POST,
body: [
"model": "gpt-4o",
"messages": [["role": "user", "content": "Hello!"]]
]
)// Android - Call by slug
val response = ProtectMyAPI.request(
endpoint = "openai-chat", // ← The slug
method = "POST",
body = mapOf(
"model" to "gpt-4o",
"messages" to listOf(mapOf("role" to "user", "content" to "Hello!"))
)
)Using AI Provider Helpers
For prebuilt providers, use the typed helpers:
// iOS
let openai = ProtectMyAPI.openAIService()
let response = try await openai.chat(
message: "Hello!",
model: "gpt-4o"
)// Android
val openai = ProtectMyAPIAI.openAIService()
val response = openai.chat(
message = "Hello!",
model = "gpt-4o"
)Prebuilt Provider Reference
OpenAI
| Endpoint | Slug | Purpose |
|---|---|---|
| Chat Completions | openai-chat | GPT-4, GPT-3.5 chat |
| Image Generation | openai-images | DALL-E 3 |
| Audio Transcription | openai-audio | Whisper |
| Text-to-Speech | openai-tts | Voice synthesis |
| Embeddings | openai-embeddings | Text embeddings |
Required secret: OPENAI_API_KEY
Anthropic
| Endpoint | Slug | Purpose |
|---|---|---|
| Messages | anthropic-messages | Claude chat |
Required secret: ANTHROPIC_API_KEY
Google Gemini
| Endpoint | Slug | Purpose |
|---|---|---|
| Generate Content | gemini-generate | Gemini Pro/Flash |
Required secret: GOOGLE_API_KEY
Stability AI
| Endpoint | Slug | Purpose |
|---|---|---|
| Text-to-Image | stability-generate | Image generation |
Required secret: STABILITY_API_KEY
Advanced Configuration
URL Parameters
For dynamic URLs, use path parameters:
Target URL: https://api.example.com/users/{userId}/dataCall with:
let response = try await ProtectMyAPI.shared.request(
endpoint: "user-data",
pathParams: ["userId": "123"]
)Query Parameters
Add default query parameters:
Target URL: https://api.example.com/search
Default Query: format=json&version=2Custom Headers
Add headers beyond authentication:
| Header | Value |
|---|---|
Content-Type | application/json |
X-Custom-Header | custom-value |
Troubleshooting
”Endpoint not found”
- Verify the slug matches exactly
- Check the service is linked to your app
- Ensure the service is enabled
”Authentication failed”
- Verify your API key is correct in Secrets
- Check the secret is linked to the service
- Confirm the auth type matches the provider’s requirements
”Target unreachable”
- Verify the Target URL is correct
- Check if the API requires whitelisting
- Review timeout settings
”Rate limited”
- The target API is limiting requests
- Check your plan limits with the provider
- Implement client-side rate limiting
Best Practices
Naming Conventions
✅ Good: openai-chat-production
✅ Good: stripe-payments
❌ Bad: endpoint1Environment Separation
Create separate services for development and production:
openai-chat-dev→ Uses test API keyopenai-chat-prod→ Uses production API key
Security
- Use specific secrets per service (not shared keys)
- Enable circuit breaker for unreliable APIs
- Set appropriate timeouts
- Monitor usage in Analytics