Mikee
April 24, 2025, 9:04am
1
Hey!
fetch(“https://openrouter.ai/api/v1/chat/completions ”, {
Joyce
April 24, 2025, 9:14am
2
Hi @Mikee
The first thing to note is that it’s not safe to make this call from a frontend.
Because:
The Authorization header contains your OpenRouter API key .
If this is in the frontend (e.g. WeWeb), any user can view the API key by checking the browser’s dev tools.
This exposes your key to misuse, which could lead to:
Unexpected charges (if it’s tied to billing).
Abuse of your usage quota.
Potential suspension of your API access due to abuse.
Move the fetch call to a backendr (e.g. Xano, Supabase).Keep the API key secret on the server.
Have your frontend send a request to your backend (e.g. calling a Xano endpoint or invoking a Supabase edge function).
Your backend makes the actual call to OpenRouter and sends the result back to the frontend.
Does that make sense?
Mikee
April 24, 2025, 9:28am
3
Hey, @Joyce . Is it possible to make a backend call from WeWeb? Server-side api call?
Joyce
April 24, 2025, 10:05am
4
No, with the REST API plugin, you can proxy your request to bypass CORS issues but the call will still be made from the frontend. That’s why I recommend you setup the call to OpenRouter in your backend and then trigger that call from WeWeb.
Joyce
April 24, 2025, 10:09am
5
By the way, if you use Supabase as your backend, you can ask WeWeb AI to create the edge function for you:
Once that was created, you can invoke it anywhere in your WeWeb app .
Another approach would be to create a webhook in Zapier, n8n, or Make and then make an API call to that webhook.
Safe Approach