0
I access an external google link and use a particular key, for example:
$.ajax({
type: "GET",
url: "https://www.googleapis.com/youtube/v3/search?part=snippet&maxResults=1&q=brksedu&key=(MINHA KEY AQUI)",
success: function(e)
My question is : how to hide this key so that whoever looks at the source code does not see it? Put it in a variable?
Thank you!!!
0
Impossible to hide information on the client’s side. Understand that everything the browser can see, the user can also
My suggestion is to put the key in some server-side code (php, nodejs, python or whatever you’re most comfortable with) and make requests on that server (by ajax or not)
remember, pretend that the user is your worst enemy in security matters, leave as few confidential information as possible in his hand (if possible, no)
Browser other questions tagged javascript
You are not signed in. Login or sign up in order to post.
Impossible to hide. It can spend the day overshadowing, that in less than a minute anyone looks for the browser inspector. What you can do is access the API dashboard and try to restrict to working only on the right domain, which is the most normal way to solve.
– Bacco
You can make the ajax go to your backend code, and make your code take the return of that script and return via ajax. Then the variables will all be in the backend. It will raise the processing cost but your key is hidden.
– Phiter
@Phiterfernandes gives anyway. If JS requests, anyone requests.
– Bacco
Not really. This question code would run on the server, the client would only see the url of the script.
– Phiter
@Phiterfernandes good, if pass the whole query to the server, and provide only the result, you are right, but then you need to see how much double traffic will weigh to Thiago (google <-> server, server <-> client),. And in this case, it’s important that Thiago understands how to rewrite the whole architecture.
– Bacco
Guys, vlw by the answers. Restricting the domain is what solves me. Google itself gives this option here and so only my domain can use this key. Even if someone else copies it, you won’t be able to use it outside of my domain, I guess! VLW!!!
– Thiago