
Embedding chat widget requires exposing API key in the browser, contradicting docs/dashboard guidance. Is this deployable for a public-facing production chatbot? #46

@chenyuAC


The docs suggest the chat widget can be used in websites and mobile apps:
https://github.com/langflow-ai/langflow/blob/403b939c9cfc33a6edcce7bf6ef9e2f8488f8311/docs/docs/Flows/concepts-publish.mdx?plain=1#L9

After you build a flow, you probably want to run it within an application, such as a chatbot within a mobile app or website.

However, using the embed as documented requires putting the API key in client-side JavaScript, which makes it visible to end users.

This appears to conflict with guidance shown in the dashboard:
https://github.com/langflow-ai/langflow/blob/403b939c9cfc33a6edcce7bf6ef9e2f8488f8311/src/frontend/src/constants/constants.ts#L660

Do not share your API key with others, or expose it in the browser or other client-side code.

Questions / requests:

  • Is exposing the key in the browser intended for production use?
  • If not, could the readme in this repo also include a recommended production pattern (e.g., a backend proxy example) and clarify that the embed snippet is for demos only?
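
Added example, not part of the original issue and not Langflow project code: a minimal backend proxy of the kind the issue asks about, which keeps the API key in server-side environment variables and forwards only chat fields for allow-listed flows. Assumed here: Langflow's `POST /api/v1/run/<flow_id>` endpoint with an `x-api-key` header, plus the hypothetical names `LANGFLOW_URL`, `LANGFLOW_API_KEY`, `ALLOWED_FLOW_IDS` and `build_upstream`.

```python
import json, os, re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen

# Assumed (not from the issue): POST /api/v1/run/<flow_id>, x-api-key header.
LANGFLOW_URL = os.environ.get("LANGFLOW_URL", "http://127.0.0.1:7860")
API_KEY = os.environ.get("LANGFLOW_API_KEY", "")  # never sent to the browser
ALLOWED_FLOWS = set(filter(None, os.environ.get("ALLOWED_FLOW_IDS", "").split(",")))
ALLOWED_FIELDS = {"input_value", "input_type", "output_type", "session_id"}
MAX_BODY = 16 * 1024
RUN_PATH = re.compile(r"^/api/v1/run/([\w-]{1,64})$")

class Rejected(Exception):
    """Raised with args = (http_status, reason)."""

def build_upstream(path, raw_body, api_key, allowed_flows, base_url):
    """Validate a browser request; return (url, headers, body) for Langflow."""
    m = RUN_PATH.match(path.split("?", 1)[0])
    if not m or m.group(1) not in allowed_flows:
        raise Rejected(404, "unknown flow")
    if len(raw_body) > MAX_BODY:
        raise Rejected(413, "body too large")
    try:
        data = json.loads(raw_body)
    except ValueError:
        raise Rejected(400, "invalid JSON")
    if not isinstance(data, dict) or not isinstance(data.get("input_value"), str):
        raise Rejected(400, "input_value required")
    # Forward chat fields only; client-supplied "tweaks" or keys are dropped.
    body = json.dumps({k: v for k, v in data.items() if k in ALLOWED_FIELDS}).encode()
    headers = {"Content-Type": "application/json", "x-api-key": api_key}
    return f"{base_url}/api/v1/run/{m.group(1)}", headers, body

class Proxy(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            n = int(cl) if (cl := self.headers.get("Content-Length", "")).isdigit() else 0
            raw = self.rfile.read(min(n, MAX_BODY + 1))
            url, headers, body = build_upstream(self.path, raw, API_KEY, ALLOWED_FLOWS, LANGFLOW_URL)
            with urlopen(Request(url, data=body, headers=headers), timeout=60) as r:
                status, out = r.status, r.read()
        except Rejected as e:
            status, out = e.args[0], json.dumps({"error": e.args[1]}).encode()
        except OSError:  # upstream error or timeout; details are not relayed
            status, out = 502, b'{"error": "upstream failure"}'
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(out)

if __name__ == "__main__":  # assumed to sit behind a TLS-terminating reverse proxy
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The proxy hides the key but is itself a public endpoint, so per-client rate limiting and any end-user authentication still have to be enforced in front of it.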
