Proxy Functions

Your Stripe key is in the browser DevTools right now

Static sites can't hide API keys. Every fetch to Stripe, SendGrid, or OpenAI exposes your secret in the network tab. Proxy functions fix this in 2 clicks -- no serverless functions to write.

Start Free -- No Credit Card Read the Docs

Stop writing boilerplate serverless functions

You already store secrets in EnvManager. Now they do the work for you.

Without proxy functions

Write, deploy, and maintain a serverless function for every API call:

// api/send-email.ts -- you write this

export default async function handler(req) {'{'}

const res = await fetch('https://api.brevo.com/v3/smtp/email', {'{'}

method: 'POST',

headers: {'{'}

'api-key': process.env.BREVO_API_KEY,

'Content-Type': 'application/json',

{'}'},

body: req.body,

{'}'})

return new Response(await res.text(), {'{'}

status: res.status,

headers: {'{'} 'Access-Control-Allow-Origin': '*' {'}'},

{'}'})

{'}'}

+ CORS handling, error handling, deploy config, env var setup on the platform...

With proxy functions

Pick a template, select your secret, done:

// your-frontend.js -- just fetch

const res = await fetch(

'https://your-app.supabase.co/functions/v1/proxy-handler/abc123',

{'{'}

method: 'POST',

headers: {'{'}

'x-proxy-token': 'your-proxy-token',

'Content-Type': 'application/json',

{'}'},

body: JSON.stringify({'{'} to: 'user@example.com' {'}'}),

{'}'},

)

No serverless function. No platform env vars. No CORS config. Just a URL and a token.

Three steps. Two minutes. Zero exposed secrets.

Pick a template

Choose from pre-built templates for Stripe, Brevo, OpenAI, and more. Or start from scratch with a custom proxy.

Map your secrets

Select which secrets to inject and where -- as headers, query params, or body fields. Supports templates like Bearer ${'${value}'}.

Call the URL

Get a hosted proxy URL and token. Replace your API call with a fetch to the proxy. Secrets are injected server-side, never visible in the browser.

Pre-built for the APIs you already use

One-click templates with the right headers, auth patterns, and body structure already configured.

StripePayments

BrevoEmail

OpenAIAI

SendGridEmail

ResendEmail

MailgunEmail

TwilioSMS

Custom APIAny API

Hosted or self-hosted. Your call.

Recommended

Hosted Proxy

EnvManager runs the proxy for you. Get a URL, add it to your frontend, and you're done. No infrastructure to manage.

Zero deployment -- works immediately

Secrets fetched from vault at runtime

Built-in rate limiting and analytics

CORS protection per proxy

Advanced

Download Code

Download generated proxy code for your own platform. Deploy to Vercel, Netlify, Cloudflare, or AWS Lambda.

Full control over infrastructure

Platform-specific code generation

Secrets via platform env vars

CORS, auth, and error handling included

Defense in depth, not just CORS

Every proxy call is authenticated, rate-limited, and logged.

Per-proxy tokens

Each proxy gets a unique secret token. Rotate instantly if compromised.

Origin allowlists

Lock each proxy to specific domains. Block requests from unauthorized origins.

Rate limiting

Set per-minute limits to prevent abuse. Sliding window with standard rate headers.

Vault-backed secrets

Secrets are decrypted at request time and never stored in plaintext. Same encryption as your variables.

Usage analytics

See invocation trends, error rates, and response times per proxy. Spot issues before users report them.

Audit logging

Every proxy creation, edit, and token rotation is logged. Full compliance trail.

Included on every plan

No add-on fee. No per-call pricing surprises. Proxy functions are part of your EnvManager subscription.

Free Plan

3 proxies

500 calls/month

Pro Plan

25 proxies

5,000 calls/month included

Your static site needs to call an API. Keep the keys off the frontend.

Free on all plans. Set up your first proxy in under 2 minutes.

Get Started Free Compare Plans