Securing API key used to make Web Api call

I am making a jQuery Ajax Web API call. That API call requires me to pass the API key. I have enabled CORS. Here is how my call looks currently:

$.ajax({
  type: "POST",
  url: "http://localhost:83/test/example1",
  data: { name: JSON.stringify(myObject), userId: UserId },
  dataType: "json",
  headers: {
    // API key sent as a request header
    'apikey': 'asdfee'
  }
});

My question is how do I securely pass this key? I don't want to directly expose the value.
Any directions please?

In short, you cannot secure the key on the client side. Anything on the client side is exposed and can be viewed by anyone.

This being said, there are ways you can attempt this.

  1. Try to make it as hard as possible for anyone trying to get your key. This means storing it in something like local storage and minifying your JavaScript code. This isn't 100% but it will make life harder for anyone trying to get it.

  2. Introduce another layer in between. I have done something like this myself; this extra layer is another API. This is where you store the key and this is where you communicate with the other API. So basically you never expose the API key to the client side. Your front end calls this new API and the new API calls the protected one. As I said, one extra layer in between, but it does help keep the key secure.
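
A sketch of the intermediate API from option 2, as an added example that is not part of the original answer: a small Node.js (18+) handler that reads the key from the server's environment and attaches it to the upstream call. The environment variable `UPSTREAM_API_KEY`, the function names, the allowlist and the port are assumptions; only the `apikey` header and the `/test/example1` URL come from the question.

```javascript
// Added example: the browser calls this proxy without any key; the proxy adds it.
const UPSTREAM = 'http://localhost:83';                 // protected API from the question
const ALLOWED = new Map([['/test/example1', 'POST']]);  // only the routes the UI needs

// Pure decision step: what, if anything, gets forwarded upstream.
function buildUpstreamRequest(method, path, clientHeaders, body, apiKey) {
  if (!apiKey) return { status: 500, error: 'proxy misconfigured' };
  // Normalise the path (resolves "..", drops the query string) before checking it.
  const pathname = new URL(path, 'http://proxy.invalid').pathname;
  if (ALLOWED.get(pathname) !== method) return { status: 404, error: 'not found' };
  // Build headers from scratch so a client-supplied 'apikey' is never forwarded.
  const headers = {
    'content-type': clientHeaders['content-type'] || 'application/json',
    apikey: apiKey,
  };
  return { status: 200, url: UPSTREAM + pathname, init: { method, headers, body } };
}

// Node request handler: read the body, forward it, relay the upstream response.
async function handler(req, res) {
  const chunks = [];
  for await (const chunk of req) chunks.push(chunk);
  const plan = buildUpstreamRequest(req.method, req.url, req.headers,
    Buffer.concat(chunks), process.env.UPSTREAM_API_KEY);
  if (plan.status !== 200) {
    res.writeHead(plan.status);
    return res.end(plan.error);
  }
  try {
    const upstream = await fetch(plan.url, plan.init);
    res.writeHead(upstream.status, {
      'content-type': upstream.headers.get('content-type') || 'application/json',
    });
    res.end(Buffer.from(await upstream.arrayBuffer()));
  } catch {
    res.writeHead(502);   // do not leak upstream error details to the browser
    res.end('upstream error');
  }
}
// To serve it: require('node:http').createServer(handler).listen(8080)
```

The proxy keeps the key out of the browser, but the proxy endpoint itself still needs to authenticate its callers (for example with the site's session cookie), otherwise anyone can use it in place of the key.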
