Le Moi

Reputation: 1025

Where to securely store an access token used for API requests from the Monzo bank API

I am working on a finance app using the Monzo bank API, and the auth process ends in receiving an access_token from the Monzo API: https://docs.monzo.com/#acquire-an-access-token

I have got to this point, and received the token which I need to use to make all future API requests to retrieve my financial data, but I am really unsure how to securely store this token.

localStorage is not secure, so where could I store it so it can't be read from the client side?

This is within a React app using Firebase as the database.

Many thanks

Upvotes: 0

Views: 87

Answers (2)

Frank van Puffelen

Reputation: 598603

If you have an API key that must be kept secret from the users of your app, you'll want to keep that API key on the server, and only expose the specific functionality to that user that they're allowed to use.

My preferred way to write such a server-side endpoint/API is by using Cloud Functions for Firebase. If you want to get started with that, I recommend taking this codelab.

Upvotes: 1

Muhammad Usama Ashraf

Reputation: 564

You can use HttpOnly or Secure cookies to store the token.

To set up cookies with ReactJS there is a package:

https://www.npmjs.com/package/react-cookie

Upvotes: 1
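The pattern the two answers point toward, as an added example that is not from either answer: the Monzo access token stays in a server-side store, the browser holds only an opaque session id in an `HttpOnly; Secure` cookie that the server sets through a `Set-Cookie` header, and a narrow endpoint returns just the balance. The names `SESSION_COOKIE`, `tokenStore` and `createBalanceHandler` are hypothetical, and `fetchImpl` is injectable so the handler can be exercised without network access.

```javascript
// Added example; SESSION_COOKIE, tokenStore and createBalanceHandler are hypothetical names.
const SESSION_COOKIE = "sid";

// HttpOnly can only be set by the server in a Set-Cookie response header;
// script running in the page can neither set nor read such a cookie.
function buildSessionCookie(sessionId) {
  return `${SESSION_COOKIE}=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Extract the opaque session id from the request's Cookie header (null if absent or malformed).
function parseSessionId(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === SESSION_COOKIE) {
      try {
        return decodeURIComponent(part.slice(eq + 1).trim());
      } catch {
        return null;
      }
    }
  }
  return null;
}

// tokenStore maps session id -> { accessToken, accountId } and lives only on the server
// (a Map here; in a deployment, a database that only the backend can read).
function createBalanceHandler(tokenStore, fetchImpl = globalThis.fetch) {
  return async function handleBalance(req) {
    const entry = tokenStore.get(parseSessionId(req.headers.cookie));
    if (!entry) return { status: 401, body: { error: "not signed in" } };

    const url = "https://api.monzo.com/balance?account_id=" + encodeURIComponent(entry.accountId);
    const upstream = await fetchImpl(url, {
      headers: { Authorization: `Bearer ${entry.accessToken}` },
    });
    if (!upstream.ok) return { status: 502, body: { error: "upstream request failed" } };

    // Forward only the fields the UI needs; the token never appears in a response.
    const { balance, currency } = await upstream.json();
    return { status: 200, body: { balance, currency } };
  };
}
```

The returned handler takes an object with a `headers.cookie` string, so it can be wrapped by whatever HTTP framework or Cloud Function hosts it.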
