https://www.growthbook.io/ logo
#sdk-flutter
Title
# sdk-flutter
c

cool-apple-97384

09/18/2023, 7:27 AM
Hi All, it's available to add an token/headers authorization when we request flag to dashboard via API? Because if someone know our API key, and they try to request or DDOS attack to
api.growthbook/features/key_our_api_key
will impact to our server. Any suggestion for this issue?
Maybe any whitelist domain or package name for mobile implementation
Sorry for mentions @gifted-cat-24658 or @fresh-football-47124 maybe any insight 🙏
Additional question, I see in the internal network request, your SDK just get and return the json value without any parameters. So, everyone that use Growthbook will get same json value? Or possible to get different json value? If everyone get same json value then SDK will do logic comparison or condition to get expected value
f

fresh-football-47124

09/20/2023, 3:48 AM
yes, SDKs are evaluated client side - we have remote evaluation on the way
it would be possible to add header authorization, you can open a github issue or submit the PR yourself
c

cool-apple-97384

09/20/2023, 3:51 AM
Of course, I have submit an issue
@fresh-football-47124 So, we can assume get same json value every request/fetch to the API?
f

fresh-football-47124

09/20/2023, 3:55 AM
yes, unless the flags have updated
we designed it to be highlight cachable
c

cool-apple-97384

09/20/2023, 3:56 AM
If we cache the response for all user it's safe?
f

fresh-football-47124

09/20/2023, 3:56 AM
yes, we have caching built into most SDKs, I think Flutter included, but not 100%
but you can add simple caching yourself
we use SSE to enable realtime updates for some SDKs, again, not sure if flutter is included
but if not, you can use webhooks to expire the cache, or use a reasonable TTL
c

cool-apple-97384

09/20/2023, 3:59 AM
Ok @fresh-football-47124 thanks for the information, we will try the solution.
10 Views