API Endpoint Security Question

I'm converting some server functions to API endpoints. With server functions, I use "use server" to keep sensitive data like API keys secure. Here's an example.
"use server";

import Stripe from "stripe";

// My Stripe secret key is secure because of "use server"
const stripe = new Stripe(process.env.STRIPE_SK!, {
  apiVersion: "2024-10-28.acacia",
});

// Create user
export async function createStripeCustomer(email: string) {
  // create stripe customer
}
If I create an API endpoint to do the same thing, is my Secret Key secure without using "use server"? I think that API routes inherently run on the server, meaning the code within them is not exposed to the client. Am I right?
import Stripe from "stripe";
import type { APIEvent } from "@solidjs/start/server";

// Is this Stripe secret key secure if I don't use "use server"
const stripe = new Stripe(process.env.STRIPE_SK!, {
  apiVersion: "2024-10-28.acacia",
});

export async function POST({ request }: APIEvent) {
  // create stripe customer.
}
2 Replies
Brendonovich (2mo ago)
Yeah that is secure
ChrisThornham (OP, 2mo ago)
Thank you!
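
A way to confirm the answer above against a real build, as an added example that is not from the thread or from any framework's own tooling: scan the client-side build output for Stripe secret-key material and for references to the server-only variable `STRIPE_SK`. The function name, the path-to-text input shape, and the sample files are assumptions made for illustration; the sample key is a constructed placeholder.

```typescript
// Added example, not from the thread. Stripe secret keys start with "sk_live_" or
// "sk_test_" and restricted keys with "rk_"; publishable "pk_" keys are meant to be public.
const SECRET_KEY_PATTERN = /\b[sr]k_(?:live|test)_[A-Za-z0-9]{8,}/g;

interface Finding {
  file: string;
  line: number;
  reason: "stripe-secret-key" | "server-env-reference";
  excerpt: string;
}

// files: path -> text of each client-side build artifact (hypothetical input shape).
// serverEnvNames: env vars that should only ever be read on the server, e.g. STRIPE_SK.
function scanClientBundle(files: Record<string, string>, serverEnvNames: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const file of Object.keys(files)) {
    const lines = files[file].split("\n");
    lines.forEach((text, i) => {
      for (const key of text.match(SECRET_KEY_PATTERN) ?? []) {
        // Keep only the prefix so the report itself does not copy the secret around.
        findings.push({ file, line: i + 1, reason: "stripe-secret-key", excerpt: key.slice(0, 8) + "..." });
      }
      for (const name of serverEnvNames) {
        // A server-only variable name in client output means server code was bundled for the browser.
        if (text.indexOf(name) !== -1) {
          findings.push({ file, line: i + 1, reason: "server-env-reference", excerpt: name });
        }
      }
    });
  }
  return findings;
}

// Constructed sample build output; the keys below are made-up placeholders.
const SAMPLE_CLIENT_FILES: Record<string, string> = {
  "assets/index.js": 'const stripeJs = loadStripe("pk_test_CONSTRUCTEDpublishable01");',
  "assets/checkout.js": 'import{S}from"./vendor.js";\nconst s=new S("sk_test_CONSTRUCTEDsecret0001");',
  "assets/customer.js": "const s=new S(process.env.STRIPE_SK,{});",
};

const sampleFindings = scanClientBundle(SAMPLE_CLIENT_FILES, ["STRIPE_SK"]);
console.log(sampleFindings);
```

An empty result for the real client output directory is the expected state; any finding means a server module or a literal key reached the browser bundle and the key should be rotated.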
