Reputation: 21090
I'm hosting a service which requires the consumer to pass an API key. It can be consumed by both server-side (Ruby, Python, etc.) and client-side applications using JavaScript.
Is it possible to use the API key securely from a JavaScript-only app? I can't think of any way to achieve this at the moment.
Upvotes: 2
Views: 975
Reputation: 35590
Not if the key is sensitive data.
All JavaScript is visible to the users, so even an encrypted key could be decrypted. If the key must remain secret, it must never be used in any client-side code or content.
Communication of the key must be server to server, if the key needs to remain completely confidential. A JavaScript-heavy UI will still need to use a server as an intermediary to proxy calls to your service. A full JavaScript-only UI is not an option, unless the customer is willing to leak his service key to his users.
Upvotes: 3
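The server-side intermediary described in the answer above, as an added example in Node.js (not code from the original posts or from the service in question): the browser calls `/api/...` on the customer's own server, which attaches the key and forwards only allowlisted requests. The upstream host `api.example.test`, the `X-Api-Key` header, the `/v1/items` route and the `SERVICE_API_KEY` / `PROXY_PORT` environment variables are assumptions.

```javascript
// Added example. Assumed names: api.example.test, the X-Api-Key header,
// SERVICE_API_KEY / PROXY_PORT env vars and the /v1/items route.
const UPSTREAM = 'https://api.example.test';
const ALLOWED_PATHS = [/^\/v1\/items(\/[\w-]+)?$/]; // only what the UI needs
const ALLOWED_METHODS = new Set(['GET']);           // read-only proxy

// Map a browser request to the upstream call; null means "refuse".
function buildUpstreamRequest(method, rawUrl, apiKey) {
  let url;
  // URL parsing resolves ../ and %2e%2e before the allowlist is checked.
  try { url = new URL(rawUrl, 'http://proxy.invalid'); } catch { return null; }
  if (!url.pathname.startsWith('/api/')) return null;
  const path = url.pathname.slice('/api'.length);
  if (!ALLOWED_METHODS.has(method)) return null;
  if (!ALLOWED_PATHS.some((re) => re.test(path))) return null;
  // Headers are built from scratch: nothing the browser sent (cookies,
  // Authorization, its own X-Api-Key) is forwarded upstream.
  const headers = { 'x-api-key': apiKey, accept: 'application/json' };
  return { method, url: UPSTREAM + path + url.search, headers };
}

async function handle(req, res, apiKey, fetchImpl = fetch) {
  // Check the user's own session here first (not shown); without that the
  // proxy lets anyone spend the key.
  const plan = buildUpstreamRequest(req.method, req.url, apiKey);
  if (!plan) return res.writeHead(404).end();
  // redirect: 'error' keeps the key header from following a redirect elsewhere.
  const init = { method: plan.method, headers: plan.headers, redirect: 'error' };
  const upstream = await fetchImpl(plan.url, init);
  const type = upstream.headers.get('content-type') || 'application/json';
  res.writeHead(upstream.status, { 'content-type': type });
  res.end(Buffer.from(await upstream.arrayBuffer()));
}

async function startProxy(port) {
  const apiKey = process.env.SERVICE_API_KEY; // lives only on the server
  if (!apiKey) throw new Error('SERVICE_API_KEY is not set');
  const { createServer } = await import('node:http');
  return createServer((req, res) => handle(req, res, apiKey).catch(() => {
    if (!res.headersSent) res.writeHead(502);
    res.end();
  })).listen(port);
}

// Runs only when PROXY_PORT is set, e.g. PROXY_PORT=8080 node proxy.js
if (process.env.PROXY_PORT) startProxy(Number(process.env.PROXY_PORT));
```

The page's JavaScript then calls `/api/v1/items` on its own origin and never holds the key; the path and method allowlists limit what a logged-in user can make the key do.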