Ways to keep API keys secret

  1. Use a proxy service which just exposes one key to that service - this is basically like 3

  2. call the API from the back end - i think that mashape is an API proxy? yahoo also run an API proxy where you can use third party proxies - I have found this to be a bit unreliable.

  3. if the API allows it you can tell it to only allow traffic from one domain - this actually seems like the most reasonable approach.

  4. Use env variables if you have a back end and access to the server.

Posted @ 2019-02-28 12:44