Use a Proxy API
Recommended practices for integrating the Pluslide API securely and efficiently in production applications.
When building production applications with the Pluslide API, we strongly recommend implementing a proxy API layer between your client application and Pluslide. This pattern provides significant security, control, and business benefits.
Why Use a Proxy API?
Unless you're building an internal tool with controlled access, never call the Pluslide API directly from client-side code. Instead, route all requests through your own backend server.
┌─────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Client │ ───▶ │ Your Backend │ ───▶ │ Pluslide API │
│ (Browser) │ │ (Proxy Layer) │ │ │
└─────────────┘ └─────────────────┘ └─────────────────┘1. Protect Your API Key
Your Pluslide API key grants full access to your account's credits. Exposing it in client-side code creates serious risks:
- Cost exposure: Malicious users can use your leaked key to consume your credits
- Painful recovery: Once leaked, damage may already be done before you notice; you must regenerate the key and update all dependent services
- Compliance issues: Many security standards prohibit exposing API keys in client code
With a proxy layer, your API key stays secure on your server:
// ❌ Bad: API key exposed in client-side code
const response = await fetch('https://api.pluslide.com/v1/project/export', {
headers: { Authorization: 'Bearer sk_live_abc123xyz' }, // Visible to anyone!
});
// ✅ Good: Call your own backend instead
const response = await fetch('/api/generate-presentation', {
headers: { Authorization: 'Bearer user_session_token' },
});2. Implement Your Business Logic
A proxy layer lets you enforce your own business rules before forwarding requests:
| Control Type | Example Implementation |
|---|---|
| Quotas | Limit users to 100 exports per month |
| Plan restrictions | Reserve certain features for premium users |
| Permissions | Only allow users to export their own templates |
| Validation | Enforce content policies before generation |
// Your backend proxy endpoint
app.post('/api/generate-presentation', async (req, res) => {
const user = await authenticate(req);
// Check user's plan quota
if (user.monthlyExports >= user.plan.exportLimit) {
return res.status(403).json({ error: 'Monthly export limit reached' });
}
// Verify template ownership
const template = await getTemplate(req.body.projectId);
if (template.ownerId !== user.id) {
return res.status(403).json({ error: 'Access denied' });
}
// Forward to Pluslide API
const result = await pluslideClient.export(req.body);
// Update usage tracking
await incrementUserExports(user.id);
return res.json(result);
});3. Track Usage and Analytics
Gain insights into how your users interact with presentation generation:
- User-level metrics: Track which users generate the most presentations
- Template popularity: Identify which templates are most used
- Error patterns: Monitor and debug issues before users report them
- Cost allocation: Attribute API costs to specific users or departments
// Log every request for analytics
await analytics.track({
event: 'presentation_generated',
userId: user.id,
templateId: req.body.projectId,
slidesCount: req.body.presentation.slides.length,
duration: endTime - startTime,
});Implementation Examples
Node.js / Express
import express from 'express';
const app = express();
app.post('/api/generate-presentation', async (req, res) => {
// Your authentication
const user = await authenticateRequest(req);
if (!user) {
return res.status(401).json({ error: 'Unauthorized' });
}
// Your business logic
await validateUserQuota(user);
// Forward to Pluslide
const response = await fetch('https://api.pluslide.com/v1/project/export', {
method: 'POST',
headers: {
Authorization: `Bearer ${process.env.PLUSLIDE_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(req.body),
});
// Return result
const data = await response.json();
return res.status(response.status).json(data);
});When Direct API Calls Are Acceptable
Direct API calls may be appropriate for:
- Internal tools: Company-internal applications with controlled access
- Development: Local testing and prototyping (use test keys)
- Server-to-server: Backend services where the key is never exposed
For production applications serving end users, the proxy pattern is the recommended approach for integrating with Pluslide.
List Presentations
API endpoint to retrieve a paginated list of generated presentations. Includes filtering options, pagination parameters, and response examples.
Export Options
Choose the right export options for PPTX generation. Compare sync vs async modes, compression levels, and optimization strategies for speed and file size.