RegLens API Setup Instructions
I need to create a settings page to manage an external API key for the Jurisdiction Data API. The settings page should allow users to securely store and update the API key. If you already have a settings page, add this field to the current page.
Requirements
1. API Key Storage
- Store the API key as a Replit Secret named
JURISDICTION_API_KEY - Access it via environment variables:
process.env.JURISDICTION_API_KEY - The key should be encrypted and never exposed in the frontend
2. Settings Page Features
Create a settings page (/settings or /admin/settings) with:
Display Section:
- Show whether an API key is currently configured (Yes/No status)
- If configured, show a masked preview (e.g., "sk_**...1234" - first 3 chars + last 4 chars)
- Display when the key was last updated (store this in your database)
Update Section:
- Input field to enter/update the API key
- "Test Connection" button to verify the key works
- "Save" button to update the key
- "Clear" button to remove the key
Test Connection Feature:
- When clicked, make a test request to
GET /api/regionsusing the provided key - Display success/failure status
- If successful, show count of regions retrieved
- If failed, show the error message (401 = invalid key, network error, etc.)
3. Backend Implementation
Database Schema: Create a settings table to track API configuration:
{
id: string (primary key),
setting_key: string (e.g., 'jurisdiction_api_key_configured'),
setting_value: string (e.g., 'true' or 'false'),
updated_at: timestamp,
updated_by: string (user who updated it)
}
API Endpoints:
GET /api/settings/api-key-status - Check if key is configured POST /api/settings/api-key - Save/update the API key DELETE /api/settings/api-key - Remove the API key POST /api/settings/test-connection - Test the API key Important Security Rules:
NEVER send the actual API key to the frontend The backend should read from process.env.JURISDICTION_API_KEY When saving a new key, update it in Replit Secrets (not in code or database) Only send status/metadata to frontend, never the key value itself
4. Setting the Replit Secret
Manual Setup (Initial):
Tell the user to:
Click on "Tools" in the left sidebar Select "Secrets" Add a new secret: Key: JURISDICTION_API_KEY Value: [their API key from the jurisdiction app] Click "Add Secret" Programmatic Update (From Settings Page): Since Replit Secrets cannot be updated programmatically from within the app, use this approach:
Option 1 - Environment Variable File (Recommended):
Store the key in a .env file (add .env to .gitignore) Load it using a package like dotenv Display instructions to user on how to update it in Replit Secrets for production Option 2 - Database Storage (Less Secure but Functional):
Store the encrypted key in your database Use a strong encryption library to encrypt before storing Decrypt when needed for API calls Include a warning that Replit Secrets is more secure Recommended Approach for this App:
// Backend route to save API key
app.post("/api/settings/api-key", async (req, res) => {
const { apiKey } = req.body;
// Validate the key format
if (!apiKey.startsWith('sk_')) {
return res.status(400).json({ error: "Invalid API key format" });
}
// Test the key first
try {
const testResponse = await fetch('BASE_URL/api/regions', {
headers: { 'Authorization': `Bearer ${apiKey}` }
});
if (!testResponse.ok) {
return res.status(400).json({ error: "API key is invalid" });
}
} catch (error) {
return res.status(400).json({ error: "Failed to validate API key" });
}
// Store encrypted in database or prompt user to update Replit Secret
// ... your storage logic here ...
res.json({
success: true,
message: "API key validated. Please update JURISDICTION_API_KEY in Replit Secrets."
});
});
5. Frontend Settings Page Design
Layout:
Settings Page
├── API Configuration Card
│ ├── Status Badge (Configured / Not Configured)
│ ├── Last Updated: [timestamp]
│ ├── Key Preview: sk_***...1234 (if configured)
│ ├── [Update API Key] Section
│ │ ├── Input field (password type)
│ │ ├── [Test Connection] button
│ │ ├── [Save] button
│ │ └── [Clear] button
│ └── Instructions/Help Text
└── Connection Test Results
├── Status (Success/Failed)
├── Message
└── Details (e.g., "Retrieved 5 regions")
User Flow:
User enters API key in input field User clicks "Test Connection" System validates key and shows results If successful, "Save" button becomes enabled User clicks "Save" System shows success message with instructions to update Replit Secret Page refreshes to show updated status
6. Error Handling
Display user-friendly messages for:
Empty API key field Invalid key format (doesn't start with 'sk_') Failed connection test (network error, invalid key, etc.) Successful validation and save
7. Instructions to Display
Include help text on the settings page:
To use the Jurisdiction Data API:
- Obtain an API key from the Jurisdiction Admin
- Enter your API key below and test the connection
- Once validated, update the JURISDICTION_API_KEY in your Replit Secrets
- Your application will automatically use the key for all API requests
For security, API keys are stored as Replit Secrets and encrypted. Never share your API key or commit it to version control.
Please implement this settings page with all the features described above. Use modern UI components with proper form validation and user feedback.
To use this prompt:
- Copy the entire text above
- Paste it into your new Replit app
- The agent will create a complete settings page for API key management
This prompt provides comprehensive guidance on secure API key management using Replit's best practices, including proper storage, validation, and user interface design.