2
I’m using the Jekyllcms to develop a CMS (Content Management System), but as I don’t know him very well and even after reading the documentation, I find it difficult to "hide" some data that I use in Javascript. There are two cases: A access_key of Graph API and the key of Mandrill. I use those two Keys in my code to acquire feed of a particular Facebook page and redirect e-mails for a particular mailbox. How can I deprive the end user of access to these Keys?
1
Hello, there is no problem you make your Apikey available on the internet, on Maindrill and on Facebook you will have the options to link your Apikey to a domain or IP, IE, that Apikey will have use only if the calls are from your allowed IP.
In Maindrill you will have the option: Only Allow The Key To Work From Certain IP Addresses and you will be able to use more generic but limited and you can use them from anywhere with the option: Only Allow This Key To Use Certain API Calls.
The same thing is repeated for Facebook.. You may have a list of domains/subdomains that will be allowed to make these calls.
It is important to understand that the concept of Apikey is different from the concept of secret key, I hope to have clarified your doubt.
Browser other questions tagged javascript cryptography
You are not signed in. Login or sign up in order to post.