Managing API Keys and Security

Generative AI for Web & Mobile Apps

Security First: API Key Management

Your API key is like a credit card: anyone who gets it can spend your credits. Never hardcode API keys in frontend code, because everything shipped to the browser or bundled into a mobile app can be read by the people who use it.

Best Practices:

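  1. Environment Variables: Keep keys out of source code and load them from environment variables, for example with a .env file.
  2. Backend Proxy: Make API calls from a server (Node/Next.js) rather than the browser, so the key stays on the server.
  3. Key Rotation: Change keys periodically.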

Example .env file:

OPENAI_API_KEY=sk-your-secret-key-here

Add .env to your .gitignore immediately!
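
The backend proxy from practice 2, sketched as an added example (not code from the course): the server reads OPENAI_API_KEY from its environment, forwards only an allow-listed part of the client's request, and returns only the reply text. The function names, the fixed model, the role allow-list and the size limits are assumptions chosen for illustration.

```javascript
// Added example: server-side proxy logic so the browser never sees the key.
const UPSTREAM_URL = "https://api.openai.com/v1/chat/completions";
const MODEL = "gpt-4o-mini"; // assumption: model is fixed on the server
const MAX_MESSAGES = 20;     // assumption: illustrative limits
const MAX_CHARS = 4000;

// Build the upstream request from untrusted client input.
// Only role/content pairs are forwarded; client-chosen model, token
// limits and any other fields are dropped.
function buildUpstreamRequest(clientBody, env) {
  const key = env.OPENAI_API_KEY;
  if (!key) throw new Error("OPENAI_API_KEY is not set"); // fail closed
  const messages = clientBody && clientBody.messages;
  if (!Array.isArray(messages) || messages.length === 0 ||
      messages.length > MAX_MESSAGES) {
    return null;
  }
  const clean = [];
  for (const m of messages) {
    const okRole = m && (m.role === "user" || m.role === "assistant");
    if (!okRole || typeof m.content !== "string" ||
        m.content.length > MAX_CHARS) return null;
    clean.push({ role: m.role, content: m.content });
  }
  return {
    url: UPSTREAM_URL,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json",
                 Authorization: `Bearer ${key}` },
      body: JSON.stringify({ model: MODEL, max_tokens: 512, messages: clean }),
    },
  };
}

// Handle one client call. The browser gets back only { status, json }:
// no upstream headers, no key, no raw upstream error text.
async function proxyChat(clientBody, env = process.env,
                         fetchImpl = globalThis.fetch) {
  const req = buildUpstreamRequest(clientBody, env);
  if (req === null) return { status: 400, json: { error: "invalid request" } };
  const upstream = await fetchImpl(req.url, req.init);
  if (upstream.status !== 200) {
    return { status: 502, json: { error: "upstream error" } };
  }
  const data = await upstream.json();
  return { status: 200, json: { reply: data.choices[0].message.content } };
}
```

Call proxyChat from a server route (for example a Next.js route handler) with the parsed request body; the frontend then talks only to that route.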