Hide proven javascript code

Question

Hide proven javascript code

Asked 8 years, 1 month ago

Viewed 423 times

0

I access an external google link and use a particular key, for example:

 $.ajax({
            type: "GET",
            url: "https://www.googleapis.com/youtube/v3/search?part=snippet&maxResults=1&q=brksedu&key=(MINHA KEY AQUI)",
            success: function(e)

My question is : how to hide this key so that whoever looks at the source code does not see it? Put it in a variable?

Thank you!!!

1

Impossible to hide. It can spend the day overshadowing, that in less than a minute anyone looks for the browser inspector. What you can do is access the API dashboard and try to restrict to working only on the right domain, which is the most normal way to solve.

– Bacco

2016/09/26 at 12:38
You can make the ajax go to your backend code, and make your code take the return of that script and return via ajax. Then the variables will all be in the backend. It will raise the processing cost but your key is hidden.

– Phiter

2016/09/26 at 12:41
1

@Phiterfernandes gives anyway. If JS requests, anyone requests.

– Bacco

2016/09/26 at 12:42
Not really. This question code would run on the server, the client would only see the url of the script.

– Phiter

2016/09/26 at 12:43
@Phiterfernandes good, if pass the whole query to the server, and provide only the result, you are right, but then you need to see how much double traffic will weigh to Thiago (google <-> server, server <-> client),. And in this case, it’s important that Thiago understands how to rewrite the whole architecture.

– Bacco

2016/09/26 at 12:49
Guys, vlw by the answers. Restricting the domain is what solves me. Google itself gives this option here and so only my domain can use this key. Even if someone else copies it, you won’t be able to use it outside of my domain, I guess! VLW!!!

– Thiago

2016/09/26 at 12:49

Show 1 more comment

1 answer

Browser other questions tagged javascript

You are not signed in. Login or sign up in order to post.

by João Pedro Silva • **150** points · Answer 1 · 2016-09-26T12:55:51+00:00

Impossible to hide information on the client’s side. Understand that everything the browser can see, the user can also

My suggestion is to put the key in some server-side code (php, nodejs, python or whatever you’re most comfortable with) and make requests on that server (by ajax or not)

remember, pretend that the user is your worst enemy in security matters, leave as few confidential information as possible in his hand (if possible, no)