Reputation: 813
How to hide api key using php?
everyone. I'm trying to create league of legend api, but I need to hide the api key. I know there is no way to hide the key from the front-end, so this is how I did it, I'm not sure this is the best way to do it. Please help me!! Thanks!
HTML.file
var getID = function(playerName) {
$.ajax({
type: "POST",
url:"test.php",
dataType:'json',
data: {'url': "api/lol/na/v1.4/summoner/by-name/"+playerName+"?"},
success: function(data){
playerID = data[playerName].id;
console.log(playerID);
}
});
};
So every time I'm calling ajax, I'm making a ajax request to the test.php file, and pass the url to it, then the php code will use the url to get request from the game server and send back the result to front-end.
test.php
<?php
header('Content-Type: application/json');
$url = $_POST['url'];
$json = file_get_contents('https://na.api.pvp.net/'.$url.'api_key=key');
$obj = json_decode($json);
echo json_encode($obj, JSON_PRETTY_PRINT);
?>
Upvotes: 4
Views: 2406
Answers (1)
Reputation: 41428
As long as the Ajax request will only trigger for a valid, authenticated user with an established session this looks good. Otherwise, anyone could call it with arbitrary 'playerNames'.
It will definitely prevent your API key from being exposed.
Upvotes: 2
Related Questions
- How to Hide an API Key in Client-Side Javascript
- How can I hide an external API key in a Wordpress PHP file?
- Ajax call hiding API key from client side?
- Hiding an api key, php
- Hide API KEY and URL inside of PHP file
- Hide an API key from the client side
- Is there a way to hide my api in javascript? (pulling it in from php?)
- How to hide my API key between PHP and Javascript?
- How can I hide API secret key when sending AJAX requests?
- Ajax to API without exposing KEY