Security and Privacy
Batoi UIF can power browser-only tools, but production use needs clear security boundaries.
Security Boundary Diagram
Browser-Only Data
For examples such as Data Visualization, local data should stay in the browser unless the user explicitly submits it.
API Keys
Do not persist provider keys in browser storage.
For production AI interfaces, use a backend proxy.
Exports
Exports should be user-initiated.
Examples:
- JSON project file
- CSV register export
- SVG chart
- generated CSS
- generated HTML
Server Integration
When a Micro App talks to a server, define:
- authentication
- authorization
- validation
- audit
- rate limiting
- error handling
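The following server-side gate is an added example, not part of Batoi UIF or its documentation. It shows one way the six items above and the backend-proxy advice for API keys fit together; the session table, the ai:chat scope, the limits and the PROVIDER_API_KEY variable name are assumptions.

```javascript
// Added example; all names (SESSIONS, gateRequest, PROVIDER_API_KEY) are hypothetical.
const SESSIONS = new Map([            // constructed sample sessions: token -> user
  ["tok-alice", { user: "alice", scopes: ["ai:chat"] }],
  ["tok-bob",   { user: "bob",   scopes: [] }],
]);
const LIMIT = 3, WINDOW_MS = 60_000, MAX_PROMPT = 2000;
const hits = new Map();               // user -> timestamps of recent calls
const auditLog = [];                  // in production: an append-only store

// Error handling: record the outcome, return a generic message with no internals.
function deny(status, error, user, now) {
  auditLog.push({ at: now, user, outcome: error });
  return { ok: false, status, error };
}

// Returns { ok: true, user, payload } or { ok: false, status, error }.
function gateRequest(req, now = Date.now()) {
  // Authentication: the browser sends a session token, never a provider key.
  const token = (req.headers?.authorization || "").replace(/^Bearer /, "");
  const session = SESSIONS.get(token);
  if (!session) return deny(401, "unauthenticated", null, now);
  // Authorization: the session must carry the scope for this endpoint.
  if (!session.scopes.includes("ai:chat")) return deny(403, "forbidden", session.user, now);
  // Rate limiting: sliding window per user; malformed requests count too.
  const recent = (hits.get(session.user) || []).filter((t) => now - t < WINDOW_MS);
  if (recent.length >= LIMIT) return deny(429, "rate_limited", session.user, now);
  hits.set(session.user, [...recent, now]);
  // Validation: one known field, correct type, bounded size; extras are dropped.
  const prompt = req.body?.prompt;
  if (typeof prompt !== "string" || prompt.length === 0 || prompt.length > MAX_PROMPT)
    return deny(400, "invalid_request", session.user, now);
  // Audit: who and what outcome, but not the prompt text and never the key.
  auditLog.push({ at: now, user: session.user, outcome: "allowed" });
  return { ok: true, user: session.user, payload: { prompt } };
}

// The provider key lives only in the server environment and is attached
// to the upstream request after the gate has allowed the call.
function upstreamHeaders(env = process.env) {
  const key = env.PROVIDER_API_KEY;
  if (!key) throw new Error("PROVIDER_API_KEY not configured");
  return { authorization: `Bearer ${key}`, "content-type": "application/json" };
}
```

The server forwards `payload` with `upstreamHeaders()` only when `ok` is true, so the key never reaches the browser or its storage.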