Mobile AI Integration Without Exposing API Keys
Mobile AI integration without exposing API keys
Every mobile dev runs into the same security headache: where do you stash API keys?
Hardcode them in your app? Bad idea — reverse-engineering tools grab them in seconds. Store them in environment variables? Still exposed in compiled code. Use a backend proxy? More infra, more cost, more hassle.
There's a better way.
The security problem
When you're building AI-powered mobile apps, you need keys for services like OpenAI, Anthropic, or Google. But sticking those keys in your app is a huge risk:
- Decompilers like JADX (Android) and Hopper (iOS) can pull strings right out of your binary
- Network sniffing can catch keys if encryption isn't tight
- App store reviews can flag hardcoded credentials
- Key rotation turns into a nightmare — you've gotta push a whole new version
One leaked key means someone can hammer your API usage. Not a risk you want.
Enter AI Pass Mobile SDK
AI Pass takes a simple, powerful stance: let it manage your API keys securely.
How it works:
- Users sign up for AI Pass and add their own API keys
- Your app uses OAuth to talk to AI Pass on the user's behalf
- AI Pass SDK fetches the keys securely — your app never sees them
- API calls go through AI Pass — user pays directly, you earn a 50% commission
Your app becomes a secure conduit. Keys stay in AI Pass's encrypted vault, never touching your client.
The flow
User's App (Your Code)
↓ (OAuth 2.0)
AI Pass Platform
↓ (Encrypted fetch)
User's API Key Vault
↓ (Proxy with key)
AI Service Provider
Your app authenticates with AI Pass via OAuth. AI Pass then proxies requests to the AI service, injecting the user's key on the server side. You never see the raw key—just clean, authenticated calls.
Quick API test (curl)
Before diving into SDKs, you can test the AI Pass API directly with curl:
# First, authenticate and get an access token
curl -X POST https://aipass.one/oauth2/token \
-H "Content-Type: application/json" \
-d '{
"clientId": "YOUR_CLIENT_ID",
"grantType": "password",
"email": "user@example.com",
"password": "userpassword"
}'
# Use the access token to generate an image
curl -X POST https://aipass.one/api/v1/generate/image \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"model": "flux-pro/v1.1",
"prompt": "A cute cat wearing sunglasses"
}'
# Or generate text completion
curl -X POST https://aipass.one/api/v1/generate/completion \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"model": "google/gemini-2.5-flash-lite",
"messages": [
{"role": "user", "content": "Summarize this in one sentence: AI is changing everything."}
]
}'
Android integration
A quick look at wiring the AI Pass SDK into an Android app:
Step 1: Add OAuth client
Head to the AI Pass Developer Panel and create an OAuth 2.0 client. Note your clientId. Set requireLogin: true so the SDK automatically shows the AI Pass login screen.
Step 2: Initialize the SDK
// In your Application class or MainActivity
val aipass = AIPassClient(
clientId = "YOUR_CLIENT_ID",
context = this
)
Step 3: Authenticate user
The SDK handles the OAuth flow automatically:
// Launch login — SDK shows auth screen
aipass.login { result ->
when (result) {
is AuthResult.Success -> {
// User is authenticated, keys are ready
generateImage()
}
is AuthResult.Error -> {
// Handle error
}
}
}
Step 4: Make AI calls
Now you can use AI models without juggling keys:
fun generateImage() {
aipass.generateImage(
model = "flux-pro/v1.1",
prompt = "A cute cat wearing sunglasses"
) { result ->
when (result) {
is GenerateImageResult.Success -> {
val imageUrl = result.data[0].url
// Show the image in your UI
}
is GenerateImageResult.Error -> {
// Handle error
}
}
}
}
Example: Text generation
fun generateSummary(text: String) {
aipass.generateCompletion(
model: "google/gemini-2.5-flash-lite",
messages = listOf(
Message("user", "Summarize this: $text")
)
) { result ->
when (result) {
is CompletionResult.Success -> {
val summary = result.choices[0].message.content
// Use the summary
}
is CompletionResult.Error -> {
// Handle error
}
}
}
}
iOS integration
Same story on iOS—the Swift SDK keeps things secure:
Step 1: Create OAuth client
Same as Android: AI Pass Developer Panel
Step 2: Initialize SDK
import AIPassSDK
let aipass = AIPassClient(
clientId: "YOUR_CLIENT_ID"
)
Step 3: Authenticate
// Launch OAuth login
aipass.login { result in
switch result {
case .success:
generateImage()
case .failure(let error):
print("Auth error: \(error)")
}
}
Step 4: Generate image
func generateImage() {
aipass.generateImage(
model: "flux-pro/v1.1",
prompt: "A futuristic city at sunset"
) { result in
switch result {
case .success(let data):
let imageUrl = data[0].url
// Load and display image
case .failure(let error):
print("Generation error: \(error)")
}
}
}
Example: Text completion
func generateCompletion(prompt: String) {
aipass.generateCompletion(
model: "google/gemini-2.5-flash-lite",
messages: [
Message(role: "user", content: prompt)
]
) { result in
switch result {
case .success(let data):
let response = data.choices[0].message.content
// Use the response
case .failure(let error):
print("Error: \(error)")
}
}
}
Real-world example: AI Audio Transcriber
See it in action at AI Audio Transcriber — an AI-powered transcription app that securely handles audio-to-text conversion.
Users can bring their own API keys or use AI Pass credits. The app code never touches a raw key, keeping everything by design.
Key benefits
Security first
- No keys in app code — zero extraction risk
- OAuth-based sign-in — standard, solid
- Server-side key injection — keys never leave AI Pass
User control
- BYOK (Bring Your Own Key) — users stay in control
- Direct billing — users pay AI providers directly
- Transparent pricing — no sneaky markups
Developer friendly
- Simple OAuth flow — SDK handles the heavy lifting
- Cross-platform SDKs — Android, iOS, and web
- 50% commission — you earn on every call
No backend required
Unlike setups that need a proxy server, AI Pass handles the heavy lifting. Your app stays client-side and focused on experience.
Getting started
Ready to add AI to your mobile app without the headache?
- Sign up for AI Pass — a $1 free credit to test
- Create an OAuth client — in the Developer Dashboard
- Integrate the SDK — use the Android or iOS examples above
- Deploy and earn — users pay directly, you keep 50%
Stop worrying about leaked keys. Let AI Pass handle the security so you can build amazing AI features.