❓ FAQ

Frequently Asked Questions

Answers to the most common questions about ProtectMyAPI.


General Questions

What is ProtectMyAPI?

ProtectMyAPI is a secure API proxy for mobile apps that:

  • Protects your API keys from being stolen
  • Verifies every request comes from a real device
  • Works with 20+ AI providers (OpenAI, Claude, etc.)
  • Requires no backend code

How does it protect my API keys?

Your API keys are stored on our servers, never in your app. When your app makes a request:

  1. Our SDK creates cryptographic proof using device hardware
  2. We verify the proof with Apple/Google
  3. Only then do we inject your API key and forward the request
  4. Your app never sees the actual API key
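The four steps above, as an added example that is not ProtectMyAPI's code: a minimal proxy gate that verifies a request proof before injecting the stored key. An HMAC over a per-device key stands in for the hardware-backed attestation that Apple/Google would verify, and the replay counter, all names and all sample values are assumptions.

```python
import hashlib
import hmac

# Constructed sample state; every name and value here is hypothetical.
SECRETS = {"openai-chat": "sk-CONSTRUCTED-PLACEHOLDER"}  # lives only on the proxy
DEVICE_KEYS = {"device-1": b"constructed-device-key"}     # registered after attestation
LAST_COUNTER = {}                                         # highest counter seen per device


def make_proof(key: bytes, endpoint: str, body: bytes, counter: int) -> str:
    """Client side (step 1): bind the proof to endpoint, body and a counter."""
    msg = (endpoint.encode() + b"\n" + hashlib.sha256(body).digest()
           + counter.to_bytes(8, "big"))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handle(request: dict):
    """Proxy side (steps 2-4): verify first, inject the key only afterwards."""
    key = DEVICE_KEYS.get(request["device_id"])
    secret = SECRETS.get(request["endpoint"])
    if key is None or secret is None:
        return 401, None
    expected = make_proof(key, request["endpoint"], request["body"], request["counter"])
    if not hmac.compare_digest(expected, request["proof"]):
        return 401, None                      # forged proof or tampered body
    if request["counter"] <= LAST_COUNTER.get(request["device_id"], -1):
        return 401, None                      # replayed request
    LAST_COUNTER[request["device_id"]] = request["counter"]
    # Drop any Authorization header the client sent, then add the stored key.
    headers = {k: v for k, v in request.get("headers", {}).items()
               if k.lower() != "authorization"}
    headers["Authorization"] = "Bearer " + secret
    return 200, {"headers": headers, "body": request["body"]}


def client_request(counter: int, body: bytes = b'{"prompt":"hi"}') -> dict:
    """Build a constructed sample request the way an SDK might send it."""
    return {"device_id": "device-1", "endpoint": "openai-chat", "body": body,
            "counter": counter, "headers": {"Authorization": "Bearer client-supplied"},
            "proof": make_proof(DEVICE_KEYS["device-1"], "openai-chat", body, counter)}
```

The request built by `client_request` never contains the value from `SECRETS`; it appears only in the upstream headers returned by `handle`.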

What platforms are supported?

Platform         | SDK Status
iOS (Swift)      | ✅ Production Ready
Android (Kotlin) | ✅ Production Ready
Flutter          | ✅ Production Ready
React Native     | ✅ Production Ready

Which AI providers are supported?

20+ providers including:

  • Chat: OpenAI (GPT-4), Anthropic (Claude), Google Gemini, Mistral, Groq, DeepSeek
  • Images: DALL-E, Stability AI, Replicate, Fal.ai
  • Voice: ElevenLabs, Whisper
  • Search: Perplexity, Brave Search
  • And more: DeepL, Open-Meteo, OpenRouter

You can also create custom endpoints for any REST API.


Security Questions

How does device attestation work?

iOS (App Attest):

  • Uses the Secure Enclave chip
  • Apple cryptographically verifies your app
  • Proves: real device, real app, unmodified

Android (Play Integrity):

  • Uses Trusted Execution Environment (TEE)
  • Google verifies device and app integrity
  • Proves: genuine device, your app, unmodified

Can hackers bypass attestation?

While no security is 100%, attestation is extremely difficult to bypass:

  • Requires compromising hardware security chips
  • Apple/Google continuously patch vulnerabilities
  • Combined with other protections (signing, pinning)

What if someone decompiles my app?

They’ll only find your App Token, which is not a secret. Without:

  • A real, uncompromised device
  • Your actual signed app
  • Valid attestation

…they cannot make authenticated requests.

Is my data encrypted?

Data                | Encryption
API keys (secrets)  | AES-256 at rest
Requests in transit | TLS 1.3
Stored data         | Encrypted at rest

Technical Questions

Can I test on simulators/emulators?

Limited testing only. Attestation requires real hardware:

Environment      | Attestation          | Workaround
iOS Simulator    | ❌ No Secure Enclave | Use development mode
Android Emulator | ❌ No TEE            | Use development mode
Real Device      | ✅ Full support      | Required for production testing

For development, you can disable attestation:

let config = ProtectMyAPIConfiguration(
    appId: "app_...",
    environment: .development,
    allowSimulator: true  // Only for development!
)
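One way to keep this development configuration out of release builds, as an added example that is not part of the ProtectMyAPI SDK: a small source check for CI that flags `allowSimulator: true` or `environment: .development` outside an `#if DEBUG` block. The function name and the embedded Swift samples are constructed for illustration, and treating both settings as debug-only is an assumption.

```python
import re

# Settings from the snippet above that should not reach a release build.
RISKY = re.compile(r"allowSimulator\s*:\s*true|environment\s*:\s*\.development")

# Constructed Swift samples: the same configuration with and without a guard.
GUARDED = """\
#if DEBUG
let config = ProtectMyAPIConfiguration(
    appId: "app_...",
    environment: .development,
    allowSimulator: true  // Only for development!
)
#endif
"""

UNGUARDED = """\
let config = ProtectMyAPIConfiguration(
    appId: "app_...",
    environment: .development,
    allowSimulator: true  // Only for development!
)
"""


def find_unguarded(swift_source: str) -> list:
    """Return (line_no, code) for risky settings outside an `#if DEBUG` branch."""
    stack = []      # one bool per open #if: is the current branch debug-only?
    findings = []
    for no, line in enumerate(swift_source.splitlines(), start=1):
        code = line.split("//", 1)[0].strip()   # ignore trailing comments
        if code.startswith("#if"):
            stack.append(re.fullmatch(r"#if\s+DEBUG", code) is not None)
        elif code.startswith("#else"):          # also matches #elseif
            if stack:
                stack[-1] = False               # conservative: treat as release branch
        elif code.startswith("#endif"):
            if stack:
                stack.pop()
        elif RISKY.search(code) and not any(stack):
            findings.append((no, code))
    return findings
```

A CI job can run `find_unguarded` over each Swift file and fail the build when the returned list is not empty.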

What’s the latency overhead?

Operation                         | Overhead
First request (attestation setup) | ~200-300ms
Subsequent requests               | ~20-30ms
Total proxy overhead              | ~10-15ms

Most users don’t notice any difference.

Can I use my own backend too?

Yes! ProtectMyAPI handles API protection, but you can:

  • Call your own backend directly for other features
  • Use ProtectMyAPI only for sensitive APIs
  • Mix and match as needed

Do I need to modify my API calls?

Minimal changes. Instead of calling the API directly:

// Before (insecure)
let response = try await URLSession.shared.data(from: openAIURL)
 
// After (secure)
let response = try await ProtectMyAPI.shared.request(endpoint: "openai-chat", body: ...)

Pricing Questions

Is there a free tier?

Yes! The free tier includes:

  • 10,000 requests/month
  • Unlimited apps
  • All AI providers
  • 7 days analytics

No credit card required.

What happens if I exceed my limit?

At 100% usage:

  • New requests return 429 Too Many Requests
  • You receive an email notification
  • Option to upgrade immediately
  • Resets next billing period

Can I upgrade mid-month?

Yes. Upgrades take effect immediately. You’re charged a prorated amount for the remainder of the billing period.

Do you offer refunds?

We offer refunds within 14 days of purchase if you’re unsatisfied. Contact [email protected].


Integration Questions

How long does integration take?

Most developers integrate in under an hour:

  • 5 minutes: Create account and app
  • 10 minutes: Add SDK to project
  • 15 minutes: Configure and test
  • 30 minutes: Polish and deploy

Do I need to change my app’s architecture?

No major changes needed. The SDK is a drop-in replacement for direct API calls.

Can I migrate existing apps?

Yes. Common migration path:

  1. Add ProtectMyAPI SDK
  2. Add your API keys as secrets
  3. Replace direct API calls with SDK calls
  4. Test on real devices
  5. Deploy update

What if ProtectMyAPI goes down?

We maintain 99.9% uptime with:

  • Global infrastructure
  • Automatic failover
  • Redundant systems

Always implement error handling for edge cases.


Account Questions

How do I delete my account?

  1. Go to Settings → Privacy
  2. Click “Delete Account”
  3. Confirm deletion
  4. 30-day grace period to cancel
  5. Data permanently deleted after grace period

Can I export my data?

Yes. Go to Settings → Privacy → Export Data. You’ll receive an email with a download link.

How do I transfer ownership?

  1. Go to Team settings
  2. Click “Transfer Ownership”
  3. Select new owner
  4. Confirm transfer

Compliance Questions

Is ProtectMyAPI GDPR compliant?

Yes. We comply with:

  • GDPR (EU)
  • CCPA (California)
  • LGPD (Brazil)
  • And other regional regulations

See our Privacy & Compliance page.

Where is data stored?

Data is stored in secure cloud infrastructure with:

  • Primary: US-based servers
  • Redundancy: Multi-region backup
  • Encryption: At rest and in transit

Do you have SOC 2 certification?

SOC 2 Type II certification is in progress. Contact us for our security documentation.

