Timeline for Is there a way to store a secret API key to my backend, which the frontend can safely ask for?
Current License: CC BY-SA 4.0
12 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 28, 2019 at 11:17 | vote | accept | SumakuTension | ||
| Sep 27, 2019 at 17:10 | answer | added | Jon Raynor | timeline score: -1 | |
| Sep 27, 2019 at 17:05 | answer | added | Shaunak Sontakke | timeline score: 0 | |
| Sep 27, 2019 at 15:18 | comment | added | neilsimp1 | Calling an AJAX endpoint to get the key doesn't sound any more secure then storing it in the JS directly. As @Ryathal said, if you really want to secure it, call your server to in turn call the Google API. | |
| Sep 27, 2019 at 15:04 | answer | added | JimmyJames | timeline score: 4 | |
| Sep 27, 2019 at 12:26 | answer | added | Ryathal | timeline score: 4 | |
| Sep 27, 2019 at 12:23 | comment | added | SumakuTension | WARNING: Do not store any secrets (such as private API keys) in your React app! Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files. | |
| Sep 27, 2019 at 12:12 | comment | added | SumakuTension | I'm using reactJS with create react app. Putting secret keys in environment variables is not safe according to its docs | |
| Sep 27, 2019 at 12:10 | review | Close votes | |||
| Oct 2, 2019 at 3:01 | |||||
| Sep 27, 2019 at 12:06 | comment | added | neilsimp1 | Is there any reason you can't just store the API key on the page when it first loads? If the client is going to have it at some point, I don't think not making it more secure by requiring the AJAX call first to get the key. | |
| Sep 27, 2019 at 11:50 | review | First posts | |||
| Sep 30, 2019 at 20:39 | |||||
| Sep 27, 2019 at 11:50 | history | asked | SumakuTension | CC BY-SA 4.0 |