Inspiration
Developers routinely save API keys in places that were never meant for sensitive data, such as notes apps, screenshots, Slack messages, or text threads. These shortcuts are convenient, but they frequently and quietly introduce real security risks. We wanted to build something that fit naturally into a developer’s workflow, while removing the need to rely on insecure, unofficial storage and sharing methods.
What it does
zapi is a macOS app that securely stores and transfers API keys. It provides a simple, purposeful alternative to copying credentials into notes or messaging apps, helping reduce accidental leaks, misuse, and long-term exposure of sensitive data.
How we built it
zapi was built as a native macOS application with security as the primary design constraint. We focused on keeping the app lightweight, fast, and local, while leveraging security features to protect stored secrets. The interface was intentionally minimal to reduce friction and encourage correct usage by default.
Challenges we ran into
This was our first time building a macOS app in Swift, which came with a learning curve around native app architecture and platform-specific patterns. We also initially assumed that detecting API keys would be relatively straightforward, but quickly learned that it’s a much harder problem than expected. Building a model/algorithm that was fast, reliable, and worked well across different key formats required far more iteration and experimentation than we anticipated.
Accomplishments that we're proud of
We’re proud that zapi solves a real, everyday problem with a focused and practical solution. Building a secure macOS app from the ground up was a meaningful technical and design achievement for us.
What we learned
We learned that when building security tools, every decision must be made with security in mind. This means carefully researching and vetting commonly used tools, questioning default choices, and often finding safer alternatives rather than relying on what is most popular or convenient.
What's next for zapi
Next, we want to expand zapi beyond API keys to support passwords and other types of sensitive secrets. We also plan to build out features for controlled sharing, improved auditing, and deeper integration into developer workflows. Our goal is to further reduce the ways sensitive information can be accidentally exposed, while keeping the experience fast, simple, and frictionless.
_ DISCORD CONTACT INFORMATION: brwhyant _