perplexity-security-basics

# Perplexity Security Basics ## Overview Security best practices for Perplexity Sonar API. Key concerns: API key protection (keys start with `pplx-`), query sanitization (Perplexity searches the open web, so PII in queries gets sent to external sources), and response handling (citations link to third-party sites). ## Prerequisites - Perplexity API key from [perplexity.ai/settings/api](https://www.perplexity.ai/settings/api) - Understanding of environment variable management - `.gitignore` configured to exclude secret files ## Instructions ### Step 1: API Key Management ```bash # .env (NEVER commit to git) PERPLEXITY_API_KEY=pplx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # .gitignore .env .env.local .env.*.local *.pem ``` ```typescript // Validate key format at startup function validateApiKey(key: string): void { if (!key) throw new Error("PERPLEXITY_API_KEY is not set"); if (!key.startsWith("pplx-")) { throw new Error("PERPLEXITY_API_KEY must start with 'pplx-'"); } if (key.length < 40) { throw new Error("PERPLEXITY_API_KEY appears truncated"); } } validateApiKey(process.env.PERPLEXITY_API_KEY || ""); ``` ### Step 2: Query Sanitization (Critical) Perplexity sends your query to the open web for search. Any PII in the query is exposed to external search infrastructure. ```typescript function sanitizeQuery(query: string): string { return query // Remove email addresses .replace(/\b[\w.+-]+@[\w-]+\.[\w.]+\b/g, "[email]") // Remove p...