Understanding API Keys
API keys are used to authenticate requests to the Next-Blog-AI service. Each API key is unique to a website project in your account and gives access to your blog content for that project. Protecting these keys is essential for the security of your account.
Important Security Notice
Treat your API keys like passwords. Anyone with your API key can use it to access your Next-Blog-AI account and potentially incur charges. Never share your API keys publicly or commit them to version control.
API Key Management
When initializing the Next-Blog-AI client, you must provide an API key for authentication:
// lib/next-blog-ai.ts
import { createNextBlogAIForNextJs } from 'next-blog-ai';
// Initialize with your API key (Next.js App Router, server component or API route)
const { getBlogPosts } = createNextBlogAIForNextJs(process.env.NEXT_BLOG_AI_API_KEY!);
// Usage example in a Next.js Server Component
const { data } = await getBlogPosts();
Securely Storing API Keys
Always store your API keys securely. In Next.js projects, use environment variables to keep your keys out of your codebase:
Environment Variables in Next.js
Add your API key to .env.local in your project root:
# .env.local
NEXT_BLOG_AI_API_KEY=your_api_key_here
For deployment environments, add the API key to your hosting platform's environment variables section:
- Vercel: Add in Project Settings → Environment Variables
- Netlify: Add in Site Settings → Build & deploy → Environment
- AWS: Use AWS Secrets Manager or Parameter Store
API Key Security Best Practices
Never commit API keys to version control
Add all files containing API keys to your .gitignore:
# .gitignore
.env
.env.local
.env.*.local
Use server-side API calls
Never expose API keys in client-side code. Always make API calls from your server.
// ✅ Good: Server-side API call
// In a server component or API route
const { data } = await nextBlogAI.getBlogPosts();
// ❌ Bad: Client-side exposure
// This would expose your API key!
const client = createNextBlogAI({
  apiKey: 'exposed-api-key', // NEVER do this
});
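The practices in this section can be checked automatically before a commit or deploy. The following is an added example, not code from Next-Blog-AI: the auditKeyHandling helper, the sample project and its file paths are hypothetical. It also checks the Next.js NEXT_PUBLIC_ prefix, which this page does not mention.

```javascript
// Added example (not from the Next-Blog-AI docs): static checks for the practices above.
const KEY_VAR = 'NEXT_BLOG_AI_API_KEY'; // variable name used on this page
const REQUIRED_IGNORES = ['.env', '.env.local', '.env.*.local']; // patterns from the page

// Hypothetical helper: takes file contents as strings, returns a list of findings.
function auditKeyHandling({ gitignore, envFile, sources }) {
  const findings = [];
  // 1. Each env-file pattern must be an active (non-comment) .gitignore line.
  //    Exact-line match only; broader globs such as ".env*" are not interpreted.
  const active = new Set(gitignore.split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#')));
  for (const p of REQUIRED_IGNORES) {
    if (!active.has(p)) findings.push(`.gitignore is missing "${p}"`);
  }
  // 2. Next.js inlines NEXT_PUBLIC_* variables into the browser bundle,
  //    so the key must never be stored under that prefix.
  for (const line of envFile.split(/\r?\n/)) {
    const name = line.split('=')[0].trim();
    if (name.startsWith('NEXT_PUBLIC_') && name.includes(KEY_VAR)) {
      findings.push(`${name} would be shipped to the browser`);
    }
  }
  // 3. Client components must not touch the key or the SDK; no literal keys anywhere.
  for (const [path, code] of Object.entries(sources)) {
    const isClient = /^\s*['"]use client['"]/.test(code);
    const usesSdk = code.includes(KEY_VAR) || /from\s+['"]next-blog-ai['"]/.test(code);
    if (isClient && usesSdk) findings.push(`${path}: client component uses the key or SDK`);
    if (/apiKey\s*:\s*['"`]/.test(code)) findings.push(`${path}: key written as a string literal`);
  }
  return findings;
}

// Constructed sample project; contents are made up for the demonstration.
const sample = {
  gitignore: '# .gitignore\n.env\n.env.local\n',
  envFile: 'NEXT_PUBLIC_NEXT_BLOG_AI_API_KEY=your_api_key_here\n',
  sources: {
    'app/blog/page.tsx': 'const key = process.env.NEXT_BLOG_AI_API_KEY;\n',
    'components/Feed.tsx': "'use client';\nimport { createNextBlogAI } from 'next-blog-ai';\n" +
      "const client = createNextBlogAI({ apiKey: 'placeholder-key' });\n",
  },
};
console.log(auditKeyHandling(sample).join('\n'));
```

To use it on a real project, read .gitignore, the env file and the source files from disk and pass their contents in the same shape; a non-empty result should fail the commit hook or CI step.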
Handling Compromised API Keys
If you believe an API key has been compromised:
- Immediately revoke the compromised key from your dashboard
- Generate a new API key
- Update all applications using the old key
- Review your account for any unauthorized usage