Insights on API security & infrastructure
Technical deep dives, product updates, and engineering insights from the SaltingIO team.
Surviving OpenAI rate limits from a static frontend, no backend required
Hide an OpenAI key behind a SaltingIO Bridge and handle 429 throttling and 402 quota errors from the browser with a backoff loop.
What zero-knowledge encryption means for an API key you can't see
Zero-knowledge AES-256-GCM encryption at rest, what it actually protects when SaltingIO holds your API key, and the auth pitfalls to avoid.
Find which Bridge is draining your OpenAI quota with SaltingIO logs
Per-Bridge request and error counts in the SaltingIO Logs page tell you exactly which proxied endpoint regressed. Here's how to read them.
Share an API key with a contractor without putting it in email
A safer pattern for handing a third-party API credential to a teammate or client, using SaltingIO's password-protected secure page links.
Origin allowlists: locking a public Bridge UUID to your domain
Your Bridge UUID lives in the browser. Origin allowlists block any domain you didn't list with a 403, stopping strangers who copy-paste your URL.
Template variables: one Bridge for every OpenAI route
One SaltingIO Bridge can stand in for every OpenAI route you call. Here's how template variables turn five endpoints into a single, parameterised proxy.