How to hide personal data on the front end

Asked

Viewed 39 times

1

When we want to hide some personal data in the back end we use the file .env, and then retrieves this information using process.env.[KEY_NAME], but that only works in the back end because as the dotenv is a module of Node the browser cannot run...

So how do I protect data that I would like to keep private on the front end? I am trying to hide my API_KEY, I need to make a request for an API like http://url&appid=[MINHA_API_KEY], there is some simple way to hide and retrieve this key as the .env back-end? It’s just that I don’t want that key to go to the github, nor is it visible to the user through developers tools browser...

api security-guard client-side

1 answer

1


There is no way. Everything that moves between server and browser is visible by the user in some way. However, you can "hide" this key in two ways:

  1. Make the request for the external service in your back end and leave the key stored there - so the client only communicates with your API, without knowing the key to the external service
  2. Make user use their own key - which is not feasible in all cases

Browser other questions tagged api security-guard client-side

You are not signed in. Login or sign up in order to post.