Pluslide LogoPluslide
Call APIBest Practices

Use a Proxy API

Recommended practices for integrating the Pluslide API securely and efficiently in production applications.

When building production applications with the Pluslide API, we strongly recommend implementing a proxy API layer between your client application and Pluslide. This pattern provides significant security, control, and business benefits.

Why Use a Proxy API?

Unless you're building an internal tool with controlled access, never call the Pluslide API directly from client-side code. Instead, route all requests through your own backend server.

┌─────────────┐      ┌─────────────────┐      ┌─────────────────┐
│   Client    │ ───▶ │  Your Backend   │ ───▶ │  Pluslide API   │
│   (Browser) │      │  (Proxy Layer)  │      │                 │
└─────────────┘      └─────────────────┘      └─────────────────┘

1. Protect Your API Key

Your Pluslide API key grants full access to your account's credits. Exposing it in client-side code creates serious risks:

  • Cost exposure: Malicious users can use your leaked key to consume your credits
  • Painful recovery: Once leaked, damage may already be done before you notice; you must regenerate the key and update all dependent services
  • Compliance issues: Many security standards prohibit exposing API keys in client code

With a proxy layer, your API key stays secure on your server:

// ❌ Bad: API key exposed in client-side code
const response = await fetch('https://api.pluslide.com/v1/project/export', {
  headers: { Authorization: 'Bearer sk_live_abc123xyz' }, // Visible to anyone!
});

// ✅ Good: Call your own backend instead
const response = await fetch('/api/generate-presentation', {
  headers: { Authorization: 'Bearer user_session_token' },
});

2. Implement Your Business Logic

A proxy layer lets you enforce your own business rules before forwarding requests:

Control TypeExample Implementation
QuotasLimit users to 100 exports per month
Plan restrictionsReserve certain features for premium users
PermissionsOnly allow users to export their own templates
ValidationEnforce content policies before generation
// Your backend proxy endpoint
app.post('/api/generate-presentation', async (req, res) => {
  const user = await authenticate(req);

  // Check user's plan quota
  if (user.monthlyExports >= user.plan.exportLimit) {
    return res.status(403).json({ error: 'Monthly export limit reached' });
  }

  // Verify template ownership
  const template = await getTemplate(req.body.projectId);
  if (template.ownerId !== user.id) {
    return res.status(403).json({ error: 'Access denied' });
  }

  // Forward to Pluslide API
  const result = await pluslideClient.export(req.body);

  // Update usage tracking
  await incrementUserExports(user.id);

  return res.json(result);
});

3. Track Usage and Analytics

Gain insights into how your users interact with presentation generation:

  • User-level metrics: Track which users generate the most presentations
  • Template popularity: Identify which templates are most used
  • Error patterns: Monitor and debug issues before users report them
  • Cost allocation: Attribute API costs to specific users or departments
// Log every request for analytics
await analytics.track({
  event: 'presentation_generated',
  userId: user.id,
  templateId: req.body.projectId,
  slidesCount: req.body.presentation.slides.length,
  duration: endTime - startTime,
});

Implementation Examples

Node.js / Express

import express from 'express';

const app = express();

app.post('/api/generate-presentation', async (req, res) => {
  // Your authentication
  const user = await authenticateRequest(req);
  if (!user) {
    return res.status(401).json({ error: 'Unauthorized' });
  }

  // Your business logic
  await validateUserQuota(user);

  // Forward to Pluslide
  const response = await fetch('https://api.pluslide.com/v1/project/export', {
    method: 'POST',
    headers: {
      Authorization: `Bearer ${process.env.PLUSLIDE_API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify(req.body),
  });

  // Return result
  const data = await response.json();
  return res.status(response.status).json(data);
});

When Direct API Calls Are Acceptable

Direct API calls may be appropriate for:

  • Internal tools: Company-internal applications with controlled access
  • Development: Local testing and prototyping (use test keys)
  • Server-to-server: Backend services where the key is never exposed

For production applications serving end users, the proxy pattern is the recommended approach for integrating with Pluslide.

List Presentations

Retrieve a paginated list of generated presentations from the Pluslide API.

Export Options

Choose the right export options for your use case to optimize speed and file size.

On this page

Why Use a Proxy API?1. Protect Your API Key2. Implement Your Business Logic3. Track Usage and AnalyticsImplementation ExamplesNode.js / ExpressWhen Direct API Calls Are Acceptable