How can I hide my API key stored within JavaScript?

Adam

I want my API key to be hidden and not publicly exposed.

I can think of a few ways of how to transfer the API key, through document.getelementbyId, .queryselector, input - hidden; but the API key will still be visible on the HTML page.

What is the best solution?

Ermiya Eskandary

The important factor to note here is that any JavaScript is run on the client's machine.

It is their machine and they are in full control of what runs on it.

You can minify, you can obfuscate, you can try every method possible but the API key will finally have to be formulated back somehow within the client's browser. And since the client's browser is theirs, you essentially have 0 control over what they can do with the API key. Plus the network tab in the client's browser will show all the requests the web application makes, including the one being sent with the API key.

If it is a third-party external API requiring an API key, the solution is to have an endpoint that does the authentication for you that acts as an interface between your front-end application and the API.

If this is your own API & you need to expose API endpoints that shouldn't be publically available, you will need a way to authenticate users. Starting off from JSON web tokens will be a great start but how you introduce JWTs will be massively dependent on your application.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

How can I hide or encrypt JavaScript code?

How to secure my Google Maps Javascript V3 API Key within an Ionic/Cordova App?

How can I dynamic hide swagger api?

How to hide the API key in my Electron application?

How can I loop through a table within a stored procedure?

How can I solve my performace issue in my stored procedure?

How can I fetch XML Data from a file stored on my PC and populate a table in HTML using javascript?

How can I create stored procedure from within Python script?

How can I hide an API key in a GitHub public repo?

How Can I Create Record and Table of That Record Within a Stored Procedure?

How can I properly execute this javascript within my php statement?

How can I protect my Kloudless API Key and Account ID?

How can I hide API secret key when sending AJAX requests?

How can I programatically show/hide my app window with global shortcut key?

How to I hide my secret_key using virtualenv and Django?

How can i hide my dropbox api keys

How can I hide and show my menu with JavaScript?

How can I pass my API key through header while making request to Stackoverflow API using python

How can I rotate my API key for Firebase?

How can I set an API key once and save it within a function?

How can I add a new key:value pair to an existing Javascript object dynamically within a loop

How can I safely hide my discord bot API key using Heroku?

Within An Array how can i stored IndexValue And Name

How can I call my API stored in appsettings.json in .NET Core?

How can I hide an external API key in a Wordpress PHP file?

How can I hide this button onclick with javascript?

How can I access my Flask API within a docker container?

How to hide my API Key in a POST request?

How to hide api key in javascript?