For client-side use (Blazor WebAssembly, browser, mobile) you should never embed
the long-lived Basic API key. Instead, exchange it for a short-lived JWT on a
trusted backend via InworldJwt.GenerateAsync(key, secret) and pass the JWT to
the client. The SDK auto-detects JWTs (Bearer) and skips the Basic rewrite.
This example assumes using Inworld; is in scope and apiKey contains your Inworld API key.
1 2 3 4 5 6 7 8 9101112131415161718192021222324
// Read the Inworld API key/secret from environment. The Basic key// is Base64 of `key:secret`; for client-side usage we decode it into// the pair before calling token:generate.varapiKey=Environment.GetEnvironmentVariable("INWORLD_JWT_KEY")is{Length:>0}k?k:DecodeKeyPair(Environment.GetEnvironmentVariable("INWORLD_API_KEY")).key;varapiSecret=Environment.GetEnvironmentVariable("INWORLD_JWT_SECRET")is{Length:>0}s?s:DecodeKeyPair(Environment.GetEnvironmentVariable("INWORLD_API_KEY")).secret;if(string.IsNullOrEmpty(apiKey)||string.IsNullOrEmpty(apiSecret)){thrownewAssertInconclusiveException("INWORLD_API_KEY (Basic Base64) or INWORLD_JWT_KEY + INWORLD_JWT_SECRET is required.");}// Mint a short-lived Bearer JWT from the key+secret pair.vartoken=awaitInworldJwt.GenerateAsync(apiKey,apiSecret);// The token is ready to pass to `new InworldClient(token.Token)` on the client.// Use the JWT to call a REST endpoint. The SDK keeps the Bearer scheme for JWTs.usingvarclient=newInworldClient(token.Token);varmodels=awaitclient.Models.ListModelsAsync();