Securely using serverless endpoints on the client-side?
I have a use case where I'm doing a client-server webapp that uses serverless endpoints. In order to minimize latency I'd like to directly call to runpod on the client (web page) instead of having the response travel to the server and then to the client. Obviously I don't want to leak my API key.
fal.ai solves this by letting you create temporary/single-use JWT tokens on the server-side. Then the client can directly talk to their endpoints for a very short timeframe.
From what I've read, runpod does not even allow creating API keys on the fly, nor do they allow you to create a specific key for only one endpoint. Do you guys have any solutions for this?
2 Replies