
Flutter AI App Boilerplate — Ship Without Leaking Keys

OpenAI and Gemini wired through a secure proxy, not baked into your APK. Streaming chat, DALL·E, and Vision on day one — across iOS, Android, and Web from one Dart codebase.

Last updated: 2026-06-04 · 7 min read · By Ahmed Gagan, Flutter Engineer

Quick Answer

The Flutter AI app boilerplate is a $69 one-time Flutter starter that wires OpenAI and Gemini through a secure Flask proxy backend, so your API keys never ship inside the app bundle. You get streaming ChatGPT-style chat, DALL·E image generation, and GPT-4 Vision out of the box, plus Firebase auth, RevenueCat paywalls, and Material 3 theming. It ships iOS, Android, and Web from one Dart codebase with full source ownership and lifetime updates.

Price: $69 one-time (was $149)
AI providers: OpenAI + Gemini via Flask proxy
Key safety: No API keys in the app bundle
Targets: iOS, Android, Web from one Dart codebase

Why the proxy matters more than the chat UI

Most Flutter AI tutorials hand you an OpenAI key glued into a Dart constant, then ship it. The problem is that anything compiled into your APK, IPA, or web bundle can be extracted — strings in a release binary, network captures on a rooted device, or the plaintext JS for Flutter Web. The moment your key leaks, a stranger is billing your OpenAI account. This boilerplate's whole reason for existing is the opposite default: the Flutter client never holds a provider key. Instead it talks to a thin Flask proxy you deploy, and the proxy holds the OpenAI and Gemini secrets as server-side environment variables. The app authenticates to your proxy with a Firebase ID token, the proxy verifies it, calls the model, and streams the tokens back. You get to add rate limits, per-user quotas, and a kill switch without shipping a new app build.
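
The checks such a proxy applies before any model call (kill switch, ID-token verification, per-user quota), shown as an added example that is not the kit's own code. `ProxyGate`, `fake_verify`, and the `AI_KILL_SWITCH` and `OPENAI_API_KEY` variable names are assumptions; in a Firebase deployment the injected verifier would be `firebase_admin.auth.verify_id_token`.

```python
import os
import time
from collections import defaultdict, deque

class ProxyGate:
    """Decides whether a client request may be forwarded to the model provider."""

    def __init__(self, verify_token, max_per_minute=20, clock=time.monotonic):
        # In a Firebase deployment verify_token would be
        # firebase_admin.auth.verify_id_token; it is injected so this runs offline.
        self.verify_token = verify_token
        self.max_per_minute = max_per_minute
        self.clock = clock
        self.hits = defaultdict(deque)  # uid -> timestamps of recent calls

    def authorize(self, headers):
        """Return (http_status, uid_or_error) for one incoming request."""
        if os.environ.get("AI_KILL_SWITCH") == "1":  # assumed variable name
            return 503, "ai disabled"
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"
        try:
            uid = self.verify_token(auth[len("Bearer "):])["uid"]
        except Exception:
            return 401, "invalid token"  # expired, forged, or wrong project
        now = self.clock()
        window = self.hits[uid]
        while window and now - window[0] >= 60:
            window.popleft()  # drop calls older than the 60 s window
        if len(window) >= self.max_per_minute:
            return 429, "quota exceeded"
        window.append(now)
        return 200, uid

def upstream_headers():
    """Provider key comes from the server's environment, never from the client."""
    return {"Authorization": "Bearer " + os.environ["OPENAI_API_KEY"]}

def fake_verify(token):
    """Constructed stand-in for a real ID-token verifier (demo only)."""
    if token != "constructed-token-alice":
        raise ValueError("bad token")
    return {"uid": "alice"}
```

The quota is keyed on the verified `uid`, not on anything the client asserts, so a leaked app build alone cannot raise its own limits.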

What you can build on day one

The AI layer is feature-flagged, so you can ship an AI-first app or bolt intelligence onto an existing flow. Everything below is wired to the proxy, not to a raw key, and streams over the same authenticated channel.

  • Streaming ChatGPT-style chat with token-by-token rendering and conversation history
  • DALL·E image generation with prompt input and a saved gallery backed by Cloud Storage
  • GPT-4 Vision — send a photo, get a structured description or answer
  • Gemini as a drop-in alternative provider when you want cheaper or faster responses
  • RevenueCat paywall in front of premium AI features, with trials, restore, and entitlements
  • GA4 events on every AI call so you can watch cost-per-feature in real numbers

How the architecture stays clean as the app grows

AI calls live behind a repository, injected with get_it, and consumed by Cubits — so your chat screen never imports an HTTP client directly. That separation is what keeps the proxy swappable: today it's Flask in front of OpenAI and Gemini, but because you own the source you can point the same repository at Supabase Edge Functions, Cloudflare Workers, or your own Node service without touching a single widget. The streaming responses flow into BLoC state, the UI rebuilds incrementally, and errors (rate limits, timeouts, model refusals) surface as typed states you handle once. Material 3 theming with centralized design tokens means the chat bubbles, the image gallery, and the paywall all retheme from one file.

  • BLoC + Cubit state for streaming, retries, and typed error handling
  • Repository pattern so the proxy backend is swappable without UI changes
  • Firebase ID token auth on every proxy request, verified server-side
  • Impeller-rendered, responsive layouts that hold up on phone, tablet, and web

When a raw-key setup or a no-code tool is the better call

Honesty first: if you're building a throwaway hackathon demo that never reaches a store and never bills real money, deploying a proxy is overkill — a hardcoded key in a private repo is faster and fine for 48 hours. If you've never written Dart and you want to drag-and-drop a chatbot UI without owning any backend, FlutterFlow (marketed as a visual builder) gets you a clickable prototype sooner, though you'll hit the same key-exposure question the moment you go to production. And if your AI needs are a single, occasional call rather than a streaming chat product, a managed backend-as-a-service with built-in AI gateways may save you from running any proxy at all. This boilerplate is for the case in between: you want a real, ownable, store-ready Flutter app where the AI is a first-class feature and the keys are genuinely safe.

The Flutter Kit vs. wiring AI yourself from scratch

The Flutter Kit vs DIY from scratch comparison

Feature | The Flutter Kit | DIY from scratch
API keys kept off the device | Yes — Flask proxy holds secrets server-side | You must design and deploy this yourself
Streaming chat, DALL·E, Vision wired | Included and feature-flagged | Build each from the API docs
OpenAI + Gemini both supported | Yes, swap providers in config | Integrate each SDK separately
Paywall on AI features | RevenueCat entitlements pre-wired | Add and test billing manually
iOS + Android + Web | One Dart codebase | One codebase, but all glue is on you
Upfront cost | $69 one-time | $0 license, weeks of engineering time
Source ownership | Full source, lifetime updates | You own it by definition

Frequently Asked Questions

How does this boilerplate keep my OpenAI key out of the Flutter app?
The Dart client never holds a provider key. It sends a Firebase ID token to a Flask proxy you deploy; the proxy verifies the token, holds the OpenAI and Gemini secrets as server-side environment variables, calls the model, and streams the response back. Nothing extractable from your APK, IPA, or web bundle can bill your account.
Can I use Gemini instead of OpenAI, or both together?
Both. The proxy is Gemini-friendly, so you can route some features to OpenAI and others to Gemini — for example DALL·E for images and Gemini for cheaper text — by changing config rather than rewriting the chat UI. The repository pattern keeps the provider choice out of your widgets.
Do I have to run and pay for the proxy backend separately?
Yes — the proxy is a thin Flask service you deploy (a small free or low-cost host is plenty to start). It's the deliberate trade for key safety. Because you own the source, you can later port the same logic to Supabase Edge Functions or Cloudflare Workers if you'd rather not run Flask.
Is the streaming chat real token-by-token streaming or just a spinner?
Real streaming. Tokens flow from the proxy into BLoC state and the chat bubble rebuilds incrementally, so users see text appear as the model generates it. Rate limits, timeouts, and model refusals come back as typed Cubit states you handle in one place.
Can I gate the AI features behind a paywall?
Yes. RevenueCat is pre-wired with entitlements, trials, restore, and StoreKit 2 / Play Billing, so you can put premium AI behavior — unlimited chat, Vision, image generation — behind a subscription without building billing from scratch. GA4 events on each AI call help you watch cost versus revenue.
Is this overkill if I just want to test an AI idea quickly?
For a 48-hour throwaway demo that never reaches a store, a hardcoded key in a private repo is faster and the proxy is overkill. This kit pays off the moment your AI app is store-bound, bills real money, or needs per-user limits — exactly when an exposed key becomes a liability.

Ship your AI app without leaking a single key

Get the Flutter AI app boilerplate for $69 one-time — OpenAI and Gemini through a secure proxy, streaming chat, DALL·E, and Vision, with full source ownership and lifetime updates.

Get The Flutter Kit — $69

One-time purchase · Lifetime updates · Unlimited projects