Is there a way to secure an API key on a frontend page?

前端 未结 5 898
星月不相逢
星月不相逢 2021-02-05 09:33

My service allow any HTML documents to be converted to PDF using a POST request. It is mostly used on the backend of my client\'s server and thus, the API key used for the commu

5条回答
  •  北恋
    北恋 (楼主)
    2021-02-05 10:35

    You can use JWT tokens in my opinion. On the basis of username, password or any other info you can generate unique jwt tokens for different users. Anyone can decipher these jwt tokens but not he unique security token.

    If you want to add more more security to tokens, use JWE, encrypted web tokens.

    More about these schemes can be found at https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3

提交回复
热议问题