# Turning on the real prescription photo scan

The ClaimIt app is static (GitHub Pages) and can't safely hold your OpenAI key.
This guide stands up a tiny **Cloudflare Worker** that holds the key and reads
the photo. ~10 minutes, no coding. Free hosting; OpenAI usage is under ~1¢ per scan.

> You already have an OpenAI API key — keep it handy. If you want to cap spend,
> pre-load ~$5 of credits and turn **auto-recharge OFF** in OpenAI billing, so
> scanning simply stops if credits run out (no surprise bills).

## Step 1 — Create the Worker (Cloudflare dashboard)
1. Go to **https://dash.cloudflare.com** → sign up / log in (free).
2. Left menu → **Workers & Pages** → **Create** → **Create Worker**.
3. Name it `claimit-rx-ocr` → **Deploy** (it makes a placeholder).
4. Click **Edit code**.
5. Delete the sample code, then paste the entire contents of
   [`worker/claimit-rx-ocr.js`](../worker/claimit-rx-ocr.js).
6. Click **Deploy**.

## Step 2 — Add your OpenAI key as a secret
1. On the Worker page → **Settings** → **Variables and Secrets**.
2. **Add variable** → Type: **Secret** → Name: `OPENAI_API_KEY` →
   Value: *paste your key* → **Save and deploy**.

## Step 3 — (Optional but recommended) rate limit
In the Worker → **Settings → Bindings → Add → Rate limiting**, set
**15 requests / 60 seconds**, binding name `RATE_LIMITER`. This stops anyone
from spamming the endpoint and burning your credits. (The code works fine
without it too.)

## Step 4 — Copy the Worker URL and send it to me
On the Worker page you'll see a URL like:
```
https://claimit-rx-ocr.<your-subdomain>.workers.dev
```
Paste that URL to me. I'll drop it into the app (one line:
`const RX_OCR_ENDPOINT = "...";`) and push — the **Scan label / Upload PDF**
buttons will then read real photos and auto-fill the medication for price
comparison.

## How it behaves
- **Before** the URL is set: the scan stays a friendly demo; the type-a-drug
  price check works.
- **After** the URL is set: tapping **Scan label** opens your camera, the photo
  is read by GPT-4o Vision, and the detected medication is filled in and ready
  to compare prices.
- The photo is processed in-flight and **never stored**. The Worker only ever
  returns the drug name/dosage — no names, SSNs, or addresses.