hide api key

hello is there anyway i can hide my api key in vanilla js ?
10 Replies
Jochem
Jochem5mo ago
in the browser? No you have to use something on the backend
NIMA
NIMAOP5mo ago
oh there is no way ?
13eck
13eck5mo ago
There is no way, no. Front end code is always viewable by the client. If you need anything to be secret it has to be on the back end
NIMA
NIMAOP5mo ago
aright tnx for help
ἔρως
ἔρως5mo ago
everything that runs in the browser is visible to everybody also, even if you hide it, the key can be extracted from the network requests also, if the api is written properly, your api key will only work for the ip of your server, to reduce the possibility of abuse
Pi, a future fluent jp speaker
In short you cant escape from learning backend:linux:
clevermissfox
clevermissfox5mo ago
There are some shortcuts for projects you’re adding to something like cloud flare or netlify, they have a drawer to store your environment variables eg secret keys. But otherwise yes you’ll need to put them on the backend. And I know openai will revoke your key if you try to just leave it in the front end and your GitHub repo is pushed with it.
ἔρως
ἔρως5mo ago
as it should secrets are supposed to stay secret, and only stay secret if they don't leave the backend and aren't publicly available also, you want to implement things like caching and rate-limiting and re-shape the data to be easier to consume from the front-end and you only do that from the backend too
clevermissfox
clevermissfox5mo ago
For sure, was just warning OP if they just try to risk it and push as is, there’s a chance it will be revoked anyway. I’ve also struggled with figuring out how to safely store env vars so I empathize with OP. I’m terrible with backend
ἔρως
ἔρως5mo ago
i know what you mean, storing secrets isn't fun but it is necessary i know that just shoving everything into the front-end is easier, but ...
Want results from more Discord servers?
Add your server