SkyAIAppSkyAIApp
Get started

Security Best Practices

Build secure, compliant enterprise-grade AI applications.

API Key Security

Critical

Never expose API keys in client-side code, version control, or logs

✅ Do

  • Store API keys in environment variables
  • Proxy all API requests through backend
  • Rotate API keys regularly
  • Use different keys for different environments
// ✅ Good: Backend proxy
// backend/api/chat.ts
import { SkyAI } from "@skyaiapp/sdk";

const sky = new SkyAI({
  apiKey: process.env.SKYAIAPP_API_KEY, // From env var
});

export async function POST(req: Request) {
  const { messages } = await req.json();
  const response = await sky.route({ goal: "cost", messages });
  return Response.json(response);
}

// ❌ Bad: Client-side exposure
const sky = new SkyAI({
  apiKey: "sk_live_xxx" // NEVER do this in client code!
});

Content Guardrails

Enable guardrails to protect against harmful content and privacy leaks:

const response = await sky.route({
  goal: "quality",
  messages: [{ role: "user", content: userInput }],
  guardrails: {
    // PII Detection & Filtering
    pii: {
      enabled: true,
      types: ["email", "phone", "ssn", "credit_card", "address"],
      action: "redact", // or "block"
    },
    // Content Moderation
    moderation: {
      enabled: true,
      categories: ["hate", "violence", "self_harm", "sexual"],
      threshold: 0.7,
    },
    // Topic Filtering
    topicFilter: {
      blocked: ["illegal_activities", "weapons", "adult_content"],
    },
  },
});

if (response.guardrails?.blocked) {
  console.log("Content blocked:", response.guardrails.reason);
}

Access Control

IP Whitelisting

Restrict API access by source IP in dashboard

Rate Limiting

Prevent abuse and DDoS attacks

Audit Logs

Log all API calls for auditing

Role-Based Access

Assign permissions by role

Data Privacy

Data Encryption

Encrypt data in transit and at rest (TLS 1.3 + AES-256)

Data Retention

Configurable retention period, minimum 0 days

Data Isolation

Multi-tenant architecture ensures data isolation

Compliance

SOC 2 Type II, GDPR, CCPA/CPRA certified

Security Checklist

API keys stored in environment variables
All requests proxied through backend
PII filtering enabled
Content moderation enabled
IP whitelisting configured
Audit logging enabled
Regular access permission reviews
Budget alerts configured
Regular API key rotation
Team security training

Need Enterprise Security Support?

Contact us about SSO, dedicated deployments, and more

Contact Sales
Previous
Pricing & Usage Billing
Next
Team Management

Was this page helpful?

Let us know how we can improve

Security Best Practices | SkyAIApp Docs — SkyAIApp