How to protect access tokens in a web application?

Asked

Viewed 144 times

1

I have an application on AWS and to access it I need to pass a access token and a SSID. To access the AWS application I have a website, but the keys are written in the HTML code, and anyone accessing the site source can see the keys.

I’d like to know how to hide these keys.

  • What kind of aws service are you using?

  • which backend of your website?

1 answer

0

The "javascript" tag indicates that you must be making an AJAX request to your application.

In this case, you cannot hide the data.

What you can do is create an endpoint on your site to be the intermediary. The page makes a no token request to the site and the site server makes the request to the AWS. So the secret data stays on the server only.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.