Open source platform for stress free deployments, measured impact, and smarter decisions.

GrowthBook Users

Hi All, it's available to add an token/headers authorization when we request flag to dashboard via API? Because if someone know our API key, and they try to request or DDOS attack to `api.growthbook/features/key_our_api_key` will impact to our server. Any suggestion for this issue?

Maybe any whitelist domain or package name for mobile implementation

Sorry for mentions <@U037W54DPAN> or <@U01T6HCHD0A> maybe any insight :pray:

Additional question, I see in the internal <https://github.com/alippo-com/GrowthBook-SDK-Flutter/blob/master/lib/src/Network/network.dart|network request>, your SDK just get and return the json value without any parameters. So, everyone that use Growthbook will get same json value? Or possible to get different json value?

If everyone get same json value then SDK will do logic comparison or condition to get expected value

yes, SDKs are evaluated client side - we have remote evaluation on the way

it would be possible to add header authorization, you can open a github issue or submit the PR yourself

Of course, I have submit an <https://github.com/alippo-com/GrowthBook-SDK-Flutter/issues/52|issue>

<@U01T6HCHD0A> So, we can <https://growthbookusers.slack.com/archives/C038XP683NC/p1695181684271969?thread_ts=1695022073.490339&amp;cid=C038XP683NC|assume> get same json value every request/fetch to the API?

If we cache the response for all user it's safe?

yes, we have caching built into most SDKs, I think Flutter included, but not 100%

we use SSE to enable realtime updates for some SDKs, again, not sure if flutter is included

but if not, you can use webhooks to expire the cache, or use a reasonable TTL

Ok <@U01T6HCHD0A> thanks for the information, we will try the solution.