Is there a way to secure an API key on a frontend page?

星月不相逢 2021-02-05 09:33

My service allows any HTML documents to be converted to PDF using a POST request. It is mostly used on the backend of my client's server and thus, the API key used for the commu

5 answers
  •  一生所求
    2021-02-05 10:21

    There is no good way to do front-end secure storage, but my recommendation is:

    an API that uses HMAC signing of requests in combination with OAuth authentication. The API key is actually a signing key. The key does not get transferred. The API key can still get found on the front-end, but it becomes useless because you still need the OAuth token to send a valid request.

    I know users will have to log in, but you can see this as an advantage because at least you can log who is using the app by getting information from OAuth.

    Please consider back-end secure storage!
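
The server-side check for the scheme this answer describes, as an added example (not code from the answer): a request is accepted only when the HMAC signature and the OAuth bearer token are both valid, so a signing key read out of the front-end is not enough on its own. The header names, the canonical string layout and the in-memory key and token stores are assumptions made for illustration.

```javascript
// Added example. Header names, canonical string layout and the in-memory
// stores below are assumptions, not part of the original answer.
const crypto = require('node:crypto');

const SIGNING_KEYS = new Map([['client-123', 'constructed-signing-key']]); // constructed
// Stand-in for real OAuth token validation (introspection or JWT verification).
const ACTIVE_TOKENS = new Map([['constructed-oauth-token', 'alice']]);
const MAX_SKEW_MS = 5 * 60 * 1000; // reject requests older than 5 minutes

// Canonical string that client and server both sign.
function canonical(method, path, timestamp, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return [method.toUpperCase(), path, timestamp, bodyHash].join('\n');
}

// The key itself is never sent; only this signature travels with the request.
function sign(key, method, path, timestamp, body) {
  return crypto.createHmac('sha256', key)
    .update(canonical(method, path, timestamp, body)).digest('hex');
}

// Accept only: known client, fresh timestamp, valid HMAC AND valid token.
function verifyRequest(req, now = Date.now()) {
  const key = SIGNING_KEYS.get(req.headers['x-client-id']);
  if (!key) return { ok: false, reason: 'unknown client' };

  const tsRaw = String(req.headers['x-timestamp'] || '');
  const ts = Number(tsRaw);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS)
    return { ok: false, reason: 'stale timestamp' };

  const expected = Buffer.from(sign(key, req.method, req.path, tsRaw, req.body), 'hex');
  const given = Buffer.from(String(req.headers['x-signature'] || ''), 'hex');
  // Constant-time comparison; the length check guards timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: 'bad signature' };

  const auth = String(req.headers['authorization'] || '');
  const user = auth.startsWith('Bearer ') ? ACTIVE_TOKENS.get(auth.slice(7)) : undefined;
  if (!user) return { ok: false, reason: 'missing or invalid token' };

  return { ok: true, user }; // user identity is available for logging
}
```
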
