Redirect to a URL without showing the URL

Question

I have a URL to a mp3 file . I need to redirect to the mp3 file without showing the URL because it contains my API key; is there a way to do this?

I don't want the client/sniffer to read my URL.

Can someone please provide a code snippet that I can look at ?

Thanks

Answer 1

if you use routing in MVC or web api you can avoid this kind of redirecting

Answer 2

You cannot do this by redirecting the request, since a redirect will tell the client where to get the file.

The best solution would be to use a proxy application on a server where your users don't have direct access. This proxy software would then load the .mp3 from its original source and forward the data to your client. The API key you want to protect will never leave the server. However, you will need to control access to your proxy by some means.

If you are referring to a client side application: There will always be a possibility to get the URL out of the application. It depends on your threat model. Whom are you protecting the API key against? If you have highly skilled attackers in mind, it's likely that they will be able to extract the key from your application.

Anyway it is a good idea to use encrypted connections when transferring credentials. If you are using https:// and checking the certificates you will at least defend yourself against sniffing the network traffic.

Answer 3

Actually there is no way to prevent sniffing your actual code. Developing a proxy URL on your own site will prevent them to access your API key, but you may need a large bandwidth.