diff --git a/selfdrive/ui/qt/api.cc b/selfdrive/ui/qt/api.cc
index 7c998d57a9..356bb4c26f 100644
--- a/selfdrive/ui/qt/api.cc
+++ b/selfdrive/ui/qt/api.cc
@@ -20,7 +20,7 @@ const std::string private_key_path = "/persist/comma/id_rsa";
 const std::string private_key_path = util::getenv_default("HOME", "/.comma/persist/comma/id_rsa", "/persist/comma/id_rsa");
 #endif
 
-QByteArray CommaApi::rsa_sign(QByteArray data) {
+QByteArray CommaApi::rsa_sign(const QByteArray &data) {
   auto file = QFile(private_key_path.c_str());
   if (!file.open(QIODevice::ReadOnly)) {
     qDebug() << "No RSA private key found, please run manager.py or registration.py";
@@ -44,7 +44,7 @@ QByteArray CommaApi::rsa_sign(QByteArray data) {
   return sig;
 }
 
-QString CommaApi::create_jwt(QVector<QPair<QString, QJsonValue>> payloads, int expiry) {
+QString CommaApi::create_jwt(const QVector<QPair<QString, QJsonValue>> &payloads, int expiry) {
   QString dongle_id = QString::fromStdString(Params().get("DongleId"));
 
   QJsonObject header;
@@ -57,7 +57,7 @@ QString CommaApi::create_jwt(QVector<QPair<QString, QJsonValue>> payloads, int e
   payload.insert("nbf", t);
   payload.insert("iat", t);
   payload.insert("exp", t + expiry);
-  for (auto load : payloads) {
+  for (auto &load : payloads) {
     payload.insert(load.first, load.second);
   }
 
diff --git a/selfdrive/ui/qt/api.hpp b/selfdrive/ui/qt/api.hpp
index 0ec8f8b4b4..743c9771ba 100644
--- a/selfdrive/ui/qt/api.hpp
+++ b/selfdrive/ui/qt/api.hpp
@@ -18,11 +18,8 @@ class CommaApi : public QObject {
   Q_OBJECT
 
 public:
-  static QByteArray rsa_sign(QByteArray data);
-  static QString create_jwt(QVector<QPair<QString, QJsonValue>> payloads = {}, int expiry = 3600);
-
-private:
-  QNetworkAccessManager* networkAccessManager;
+  static QByteArray rsa_sign(const QByteArray &data);
+  static QString create_jwt(const QVector<QPair<QString, QJsonValue>> &payloads = {}, int expiry = 3600);
 };
 
 /**