Reputation: 105
How to protect API keys in PWA (Progressive Web Application)
How to store and protect the private keys on the client side.
Is there any way to protect the API Key in JavaScript?.
I cannot just put it there in plain text as it can then be used by others who see the code. So would there be an implementation where the API remains secret?
Upvotes: 3
Views: 1126
Answers (1)
Reputation: 163270
How to store and protect the private keys on the client side.
You can't.
Anything you send the client, the client has access to. Don't presume otherwise. No amount of encryption or anything will change this.
I cannot just put it there in plain text as it can then be used by others who see the code.
They don't even have to see your code. Monitoring the HTTP requests is enough to get your API keys in many cases.
So would there be an implementation where the API remains secret?
The API key should be attached to the user somehow. If they login, you assign a key specifically to them, for that specific session.
Upvotes: 4
Related Questions
- How to protect an API Key when using JavaScript?
- Is there a way to secure an API key on a frontend page?
- Where to "hide" an API key
- Securing API key used to make Web Api call
- Securely saving API keys in database
- Protecting API Secret Keys in a Thick Client application
- Securing API Keys on clients (JavaScript, Android, iOS, etc.)
- Protecting API Key in a JS application
- API key security in Javascript?
- How to keep API keys secret when using client side Javascript?