SERVER-SIDE PROXY REQUIRED

Native fetch API with Meridian

Call Meridian endpoints directly from the browser using the standard fetch() API. Your API key never leaves your server.

⚠

Never expose API keys in browser code

Browser-side code is visible to anyone who opens DevTools. Always route Meridian requests through a server-side proxy endpoint that injects your secret API key. Below is the recommended pattern.

Recommended pattern

1. Create a proxy route on your server

// pages/api/meridian-proxy.ts
export default async function handler(req, res) {
  const response = await fetch(
    "https://api.getmeridian.net/v1/query",
    {
      method: "POST",
      headers: {
        "Authorization": `Bearer ${process.env.MERIDIAN_API_KEY}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify(req.body),
    }
  );
  res.status(response.status).json(await response.json());
}

2. Call your proxy from the browser

const res = await fetch("/api/meridian-proxy", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ prompt: "Hello" }),
});
const data = await res.json();