Any Idea to Hide the Public API Key in Web SDK
# support
m
Hello Community,

We are developing a widget for our customers, which they can add to their websites. Currently, we are using a general public API key to enable functionality. However, this raises concerns about securely handling the public key.

We are exploring ways to enhance security and flexibility by:
- Generating customer-specific public API keys that can be tied to allowed origins.
- Providing the ability to edit the list of allowed origins dynamically via an endpoint.

We've noticed the following endpoint that might help: https://api.vapi.ai/api#/default/EnterpriseInfoController_createEnterprise

Would it be better to:
- Use this endpoint to create a new enterprise and assign a unique public key for each customer?
- Or implement a separate endpoint specifically for generating customer-specific public keys with allowed origins?

Any suggestions or best practices to securely manage API keys in this scenario would be greatly appreciated! Thank you in advance!

https://cdn.discordapp.com/attachments/1322080360691142727/1322082139562577981/Screenshot_155.png?ex=676f9471&is=676e42f1&hm=8e37d610ea3d13c98c26887b315903b107a283231e3ad863684206a36f4ecb40&
@User, please look into this
@User ??
s
@mauryasumit Sorry for the late response. The first option is to generate organization-specific public API keys with allowed origins, which is the best and easiest solution. This ensures other domains won't be able to access your organization.
Another option is to set up a proxy server: you can initialize the web SDK and route calls through your server, which will handle sending the data back to your application.
```javascript
// The second argument is the base URL of your proxy; it must be a quoted string.
const vapi = new Vapi('your-public-key', 'https://api.your-do.com/voice');
```
Do let me know if you require further help.
m
@Shubham Bajaj Thanks for the response. I will create the API key for each customer, but the problem is: how can I calculate the charge for that specific API key?
s
Each API key is associated with an organization ID (OrgID), so you can calculate the charge using the OrgID, unless you're using the same OrgID with different public keys.
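Added example, not part of the thread and not Vapi's code: a sketch of how a backend or proxy of your own could tie each customer's public key to an exact-match origin allowlist (the first option above), replace that list at runtime, and count authorized requests per key for the charging question. The registry, function names, keys, customer ids and origins are hypothetical, constructed sample values.

```javascript
// Hypothetical per-customer key registry for your own backend or proxy.
// All keys, customer ids and origins below are constructed sample values.
const registry = new Map(); // publicKey -> { customerId, origins: Set<string> }
const usage = new Map();    // publicKey -> number of authorized requests

// Normalize to scheme://host[:port]; return null for anything that is not a plain web origin.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null; // "null" = opaque origin
  try {
    const u = new URL(value);
    if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
    // An Origin header carries no path, query, fragment or credentials.
    if (u.pathname !== '/' || u.search || u.hash || u.username || u.password) return null;
    return u.origin; // host lower-cased, default port dropped
  } catch {
    return null;
  }
}

// Create or replace the allowlist for one key (the "edit origins dynamically" endpoint body).
function setAllowedOrigins(publicKey, customerId, origins) {
  const normalized = origins.map(normalizeOrigin);
  if (normalized.includes(null)) throw new Error('invalid origin in allowlist');
  registry.set(publicKey, { customerId, origins: new Set(normalized) });
}

// Exact-match check: substring or suffix matching would accept look-alike hosts.
function authorize(publicKey, originHeader) {
  const entry = registry.get(publicKey);
  const origin = normalizeOrigin(originHeader);
  if (!entry || !origin || !entry.origins.has(origin)) return { ok: false };
  usage.set(publicKey, (usage.get(publicKey) || 0) + 1); // per-key tally for billing
  return { ok: true, customerId: entry.customerId };
}

setAllowedOrigins('pk_customer_a', 'customer-a',
  ['https://shop.example', 'https://www.shop.example:8443']);
```

The Origin header is set by browsers, so this check keeps other websites from reusing a customer's key; a non-browser client can send any Origin value, so rate limiting and per-key usage monitoring are still needed.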