Is there a way to secure an API key on a frontend page?

前端 未结 5 900
星月不相逢
星月不相逢 2021-02-05 09:33

My service allow any HTML documents to be converted to PDF using a POST request. It is mostly used on the backend of my client\'s server and thus, the API key used for the commu

5条回答
  •  一生所求
    2021-02-05 10:21

    there is no good way to do front-end secure storage but my recommendation is :

    is an API that used HMAC signing of requests in combination with OAuth authentication. The API key is actually a signing key. they key does not get transferred. The API key can still get found on the front-end but it becomes useless because you still need the OAuth token to send a valid request.

    i know users will have to login in, but you can see this as an advantage because atleast you can log who is using the app by getting information from oauth.

    please consider back-end secure storage!

提交回复
热议问题