Backmesh

Backmesh is a powerful, open-source Backend as a Service (BaaS) specifically engineered for the new generation of AI-powered applications. It addresses a critical security and architectural challenge for developers: how to safely call Large Language Model (LLM) APIs from client-side applications (web or mobile) without exposing sensitive private API keys. Backmesh acts as an intelligent and secure LLM API Gatekeeper, sitting between your app and the LLM provider, ensuring that all communications are authenticated, authorized, and monitored.

The core philosophy of Backmesh is to simplify development without compromising on security. By integrating Backmesh, developers can avoid the time-consuming process of building and maintaining a dedicated backend server solely for API key management and request proxying. This allows for faster iteration, quicker feature releases, and a focus on creating a great user experience within the AI application itself.

How to use Backmesh

Integrating Backmesh into your application is designed to be straightforward with minimal code changes. The process fundamentally involves two key steps:

1. Redirect API Calls: Instead of sending requests directly to the LLM provider's URL (e.g., `api.openai.com`), you configure your LLM SDK to point to your unique Backmesh Gatekeeper URL.
2. Replace API Key with JWT: You replace the static, private LLM API key in your client-side code with a dynamic JSON Web Token (JWT) obtained from your application's authentication provider (like Supabase or Firebase) after a user logs in. This JWT proves the user's identity to Backmesh.

For example, in a JavaScript application using the OpenAI SDK and Supabase for authentication, you would initialize the client by passing the Backmesh URL and the user's session access token as the `apiKey`. Backmesh then receives the request, validates the JWT, checks against any configured rules (like rate limits), and securely forwards the request to the LLM API using its own stored private key. This entire process is transparent to the end-user and the LLM provider.

Core Features of Backmesh

• LLM API Gatekeeper: The central feature that securely proxies requests from your app to LLM APIs, completely hiding your private keys from the client.
• JWT Authentication: Integrates with popular authentication providers like Supabase and Firebase. It verifies each request using the user's JWT, ensuring only authenticated users can access the LLM.
• Per-User Rate Limiting: Prevent API abuse and manage costs effectively by setting configurable rate limits for each user (e.g., no more than 10 requests per minute per user).
• Resource Access Control: Protects sensitive API resources. For instance, with OpenAI's API, it ensures that only the user who created a specific File or Thread can continue to access it, enhancing data privacy.
• SDK-less LLM Analytics: Automatically instruments all proxied LLM API calls to provide valuable insights. Developers can access a dashboard to monitor usage patterns, track costs, analyze error rates, and compare model performance across users without adding any analytics packages to their app.
• Open Source & Self-Hostable: Backmesh is fully open-source, giving developers complete transparency and control. It can be self-hosted on a personal Cloudflare account, leveraging Cloudflare's generous free tier.
• Multi-Provider Support: Natively supports major LLM APIs including OpenAI, Google Gemini, Anthropic, and Cloudflare Workers AI, offering flexibility in choosing the best model for your needs.

Use Cases for Backmesh

Backmesh is ideal for a wide range of development scenarios:

• Rapid Prototyping: Quickly build and test AI-driven features in web and mobile apps without the overhead of a full backend infrastructure.
• Serverless AI Applications: Create fully functional, serverless AI apps, such as a ChatGPT-like client built with frameworks like Flutter or React, that communicate directly and securely with LLMs.
• Secure Enterprise Applications: Enable internal or customer-facing applications to use LLMs while enforcing strict user-based access controls and monitoring.
• Indie Developers & Startups: Launch AI products faster and more securely, allowing small teams to compete by focusing on innovation rather than backend maintenance.

Advantages of Backmesh

Using Backmesh provides several key advantages:

• Drastically Improved Security: Eliminates the risk of exposing private LLM API keys in client-side code, which is a major security vulnerability.
• Simplified Architecture: Reduces the complexity and cost of your application's infrastructure by removing the need for a dedicated backend for API proxying.
• Accelerated Development: Speeds up the development lifecycle, enabling faster time-to-market for new AI features and applications.
• Cost and Abuse Control: Granular per-user rate limits prevent unexpected cost spikes and protect your service from abuse by malicious users.
• Actionable Insights: The built-in analytics dashboard provides the data needed to understand user behavior, optimize costs, and improve the overall application.
• Flexibility and No Vendor Lock-in: The open-source nature and self-hosting option provide ultimate flexibility and ensure you are never locked into a single SaaS provider.

Pricing and Plans

Backmesh offers a flexible pricing model to suit different needs, including a free 15-day trial for its paid plans.

• Open Source (Self-Hosted): As an open-source project, Backmesh can always be self-hosted on your own Cloudflare account for free. This is a great option for developers who want maximum control.
• Starter Plan: Priced at $10 per month, this plan includes 500,000 requests and 50,000 Monthly Active Users (MAUs). It's perfect for small projects and startups.
• Pro Plan: Designed for growing applications with higher traffic. Pricing is customized; you need to contact the sales team ('Chat with us'). It includes a higher baseline of 2,000,000 requests and 100,000 MAUs, with options to pay for additional usage.
• Enterprise Plan: A fully custom plan for large-scale applications with specific needs for support, security, and unlimited usage. Contact sales for a quote.