I've some website apps that connects to Solana RPCs and sends transactions that are later needed to be verified by a backend process.
If I whitelist the domain to restrict the access to my Alchemy rpc, then I cannot use it from the backend process. I could whitelist the IP, to be able to use it from the backend, but the server I'm using to run the process (Heroku) doesn't offer one.
My idea would be to be able to override such whitelists if a 2nd apikey or secret is passed to the rpc endpoint. That way, I could take advantage of the efficiency of using the same rpc for the website and backend.