The State Changers had a meeting regarding system setup and security concerns regarding API keys, specifically with OpenAI. They discussed best practices for storing API keys, suggesting that they should be routed through the back end of the system to establish a layer of security against potential threats. The point was raised that 'malign actors' could misuse these keys if found on GitHub.
The benefits of utilizing a middleman framework like Xano were outlined, including its ability to handle communication securely between the front-end user and backend systems, and the ability to manage quotas and rate limit users as necessary. Xano also allows shaping data responses from OpenAI, ensuring that the output meets specific expectations. The team also discussed OpenAI usage strategies, the idea that although there is existing documentation and snippets, best practices and protocols are still being established, as OpenAI's API has become increasingly popular in recent times. Finally, the conversation turned toward payment gateway management, with Stripe being identified as the primary choice among the group. Concerns were raised about how the Stripe checkout feature calculates subscription timelines, and the importance of managing this correctly to avoid confusion or loss of subscription for users. The option of using membership and subscription management platforms like member stack or outseta was also suggested.
(Source: Office Hours 4/28 )
