Is there a way to secure an API key on a frontend page?

Question

My service allow any HTML documents to be converted to PDF using a POST request. It is mostly used on the backend of my client\'s server and thus, the API key used for the commu

Answer 1

Assuming that you are using OAuth kind of system, In that case, make use of Access Token Mechanism that provides access to private API/User's data on behalf of User(Client) without exposing his/her credentials or API Key(Authentication key), also the access token can be expired based on the time/usage.

Example: The access token is generated against a single endpoint that can be the Html Conversion endpoint and will be expired once the action completion.

https://auth0.com/docs/tokens/access-token

And following blog post would be helpful to architect your authentication system https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/