How to hide/encrypt/secure embeded code


We’re planning to embed a Javascript Chat-GPT3 POST function to the Webflow, but it would display our API key publicly.

Is there a way/solution to hide/encrypt/secure an embedded code JS POST function for users not having the ability to see the API key?


The use of a middleware layer is required. That can be your own external server / API or something like Make or Zapier.

Unless I’m misunderstanding here, even given an external server scenario, this hardly provides any security. Anyone that spent 5 minutes learning how to use Chrome dev tools could examine the network activity, locate the endpoints of your server, and just replicate the calls.

While your key would remain secret, this would allow someone to entirely bypass the need for your api key in the first place. This really seems so basic to be able to store secrets, is there really still no webflow support in recreating a .env file?

I understand Logic Flows can loosely function in this regard, but utilizing a logic flow means you completely lose your ability to push changes to staging only. For my use case, this renders logic entirely unusable…

1 Like