This is a sample iOS application demonstrating how to use ProxLock to securely proxy API requests to the OpenAI ChatGPT API. The app provides a full-featured chat interface for interacting with ChatGPT, with all API requests securely proxied through ProxLock.
- 💬 Full ChatGPT chat interface
- 🎨 Beautiful message bubbles with user/assistant distinction
- ⚡ Real-time responses from ChatGPT
- 🔒 Secure API requests via ProxLock
- 💾 Local credential storage
- ⚙️ In-app settings for ProxLock credentials
- 📱 Works on both simulator and real devices
- 🧹 Clear chat functionality
Before you begin, make sure you have:
- Xcode installed (latest version recommended)
- A ProxLock account
- An OpenAI API key - Sign up at platform.openai.com
- App Attest capability enabled (already configured in this project)
Open the Signing & Capabilities tab under the ProxLock-Demo target and select your development team.
- Visit platform.openai.com and create an account
- Navigate to your API keys section and generate a new API key
- Copy your API key - you'll need this for ProxLock configuration
- Log in to the ProxLock web dashboard
- Navigate to your project
- Add a new API key:
- Click "Add Key"
- Enter your OpenAI API key as the full key
- Add
api.openai.comto the whitelisted URLs - Save the key
- Copy your credentials from the key card:
- Partial Key - This is the partial key shown in your dashboard
- Association ID - This is the association ID for your key
- (Optional) For simulator testing, get your Bypass Token:
- Navigate to the Device Check section in your dashboard
- Copy the bypass token
- Open the project in Xcode
- Select your target device (simulator or real device)
- Press ⌘R or click the Run button
- The app will launch and prompt you to enter your ProxLock credentials
- Tap the settings icon (⚙️) in the top right corner
- Enter your Partial Key and Association ID from ProxLock
- Tap Save or Done
- Start chatting with ChatGPT!
If you want to test in the simulator, you can set up environment variables for the bypass token:
- Go to Product → Scheme → Edit Scheme...
- Select Run in the left sidebar
- Go to the Arguments tab
- Under Environment Variables, click the + button
- Add:
- Name:
PROXLOCK_DEVICE_CHECK_BYPASS - Value: Your bypass token from ProxLock dashboard
- Name:
- Click Close to save your changes
Note: The app stores ProxLock credentials locally using UserDefaults, so you only need to enter them once. The bypass token environment variable is only needed for simulator testing.
ProxLock-Demo/
├── ProxLock-Demo/
│ ├── Services/
│ │ └── OpenAIService.swift # Service for ChatGPT API requests via ProxLock
│ ├── ViewModels/
│ │ └── ChatViewModel.swift # View model managing chat state
│ ├── Views/
│ │ ├── ContentView.swift # Main entry point
│ │ ├── ChatView.swift # Main chat interface
│ │ └── SettingsView.swift # Settings for ProxLock credentials
│ ├── Models/
│ │ └── Message.swift # Chat message data models
│ └── ProxLock_DemoApp.swift # App entry point
└── README.md
The app uses ProxLock to securely proxy requests to OpenAI's ChatGPT API:
- PLSession Setup: A
PLSessionis created using your partial key and association ID (entered in Settings) - Bearer Token: The app uses
session.bearerTokenin the Authorization header instead of the full API key - Request Proxying: All requests go through ProxLock, which:
- Validates the request using Device Check
- Replaces the bearer token placeholder with your full OpenAI API key
- Forwards the request to OpenAI's API
- Returns the response to your app
See OpenAIService.swift for the implementation details.
- First Launch: The app will automatically open the Settings screen if no credentials are configured
- Enter Credentials: Enter your ProxLock Partial Key and Association ID
- Start Chatting: Type a message and tap the send button (or press Enter)
- View Responses: ChatGPT responses appear in gray bubbles on the left
- Clear Chat: Tap the trash icon in the top left to clear the conversation
- Change Settings: Tap the settings icon (⚙️) to update your ProxLock credentials
- Requires the
PROXLOCK_DEVICE_CHECK_BYPASSenvironment variable to be set - Device Check doesn't work in the simulator, so the bypass token is required
- Credentials are still entered through the in-app Settings
- Device Check works automatically on real devices
- No bypass token needed
- This is the recommended way to test before releasing
- Make sure you've entered both the Partial Key and Association ID in Settings
- Verify that your credentials are correct from the ProxLock dashboard
- Try clearing the app's data and re-entering credentials
- On Simulator: Make sure
PROXLOCK_DEVICE_CHECK_BYPASSis set in your run scheme environment variables - On Real Device: Verify that App Attest is enabled in your target's capabilities (already configured)
- Verify your OpenAI API key is valid and active
- Check that
https://api.openai.comis whitelisted in your ProxLock key configuration - Ensure you're using the correct partial key and association ID
- Check that you haven't exceeded your OpenAI API rate limits or usage quotas
- Review the error message displayed in the app for more details
- Check your internet connection
- Verify the ProxLock service is accessible
- Check Xcode console for detailed error messages
- Ensure ProxLock credentials are properly saved (check Settings)
- Verify the input field is not empty
- Check for error messages displayed in the app
- Make sure you're not in a loading state (wait for previous message to complete)
- SwiftUI: Modern declarative UI framework
- @Observable: Uses the new Swift observation framework for state management
- Async/Await: All network requests use modern Swift concurrency
- ProxLock SDK: Integrated via Swift Package Manager
- Full OpenAI API key never stored in the app
- Only ProxLock partial key and association ID are stored locally
- All API requests are proxied through ProxLock
- Device Check validation ensures requests come from legitimate devices
This is a sample project for demonstration purposes.