DEV Community

Discussion on: Secure API Keys on the Frontend - Vue JS

Elliot Andres

Looks great, I started to do Netlify functions just today but this looks like a nice alternative. I just wonder if this is safe enough though...

Mary White

How are the Netlify Functions going? I also looked into this route for securing my APIs but I was concerned about the exposed endpoints with Netlify Functions. A malicious actor can reach this endpoint and use a bot to cause damage or have the API shut down. I ended up using KOR Connect for the extra protection on the public endpoint that is created, to prevent unwanted calls with or without the browser.

Elliot Andres

In the end, Netlify Functions worked just fine for me. We could secure the function to accept only wanted connections without issues. This KOR tool looks nice, but there is no info about how the security works, nor about their datacenter security, info handling or even penetration testing. At the place I work, these things are key values for us when choosing a provider.

I have seen some local proxies around; I wonder if putting them into an EC2 would work haha

Rodrigo

Hi Elliot,

We are currently working on putting more information on our website explaining the security side of our app. Once we update this during the coming weeks, feel free to give it a look!
I assure you that you can have a better experience than doing functions.

KOR Connect • Edited

We understand that concern and we are currently preparing more documentation to go in-depth about our security measures. To summarize our security at a high level, we have encryption at rest and in transit for all sensitive information; the cool part lies in securing the requests to your API. To accomplish this we use Google's reCAPTCHA as an attestation service to validate where the traffic is coming from, i.e. your front end. We have some additional validations in place to make the requests more secure. It’s super easy to set up, try it out and let us know if you have any questions. You'll find you are right about this being a nice alternative to Netlify when looking for a quick and safe way to connect your FE and API.
If you have any specific questions feel free to post them here or you can email us at info@getkor.io.
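
The reCAPTCHA-as-attestation idea mentioned in the comment above, as an added example that is not part of the thread and is not KOR Connect's code: a serverless-style handler that checks Google's siteverify verdict before the server-side API key is used. The policy values, the `x-recaptcha-token` header name and the `callApi` helper are assumptions.

```javascript
// Added example: gate a serverless proxy on a reCAPTCHA v3 verdict.
// Policy values are constructed placeholders, not taken from the thread.
const POLICY = { hostname: "app.example.com", action: "api_call", minScore: 0.5 };

// Constructed sample of the JSON that Google's siteverify endpoint returns.
const CONSTRUCTED_VERDICT = {
  success: true,
  hostname: "app.example.com",
  action: "api_call",
  score: 0.9,
  challenge_ts: "2024-01-01T00:00:00Z",
};

// Pure check over a siteverify response.
// Returns null when the request may proceed, otherwise a rejection reason.
function rejectReason(verdict, policy) {
  if (!verdict || verdict.success !== true) return "token invalid or already used";
  // A token minted on a different site must not unlock this API.
  if (verdict.hostname !== policy.hostname) return "token minted on another site";
  // Bind the token to the action the front end declared when requesting it.
  if (verdict.action !== policy.action) return "token minted for another action";
  if (typeof verdict.score !== "number" || verdict.score < policy.minScore) {
    return "score too low";
  }
  return null;
}

// Serverless-style handler (a Netlify Function would export this as `handler`).
// The reCAPTCHA secret and the upstream API key never leave the server.
// callApi is a hypothetical function that performs the real upstream call.
async function handler(event, { secret, callApi, fetchImpl = fetch }) {
  const token = (event.headers || {})["x-recaptcha-token"]; // assumed header name
  if (!token) return { statusCode: 401, body: "missing token" };

  const res = await fetchImpl("https://www.google.com/recaptcha/api/siteverify", {
    method: "POST",
    body: new URLSearchParams({ secret, response: token }),
  });
  const reason = rejectReason(await res.json(), POLICY);
  if (reason) return { statusCode: 403, body: reason };

  return { statusCode: 200, body: await callApi(event) };
}
```

Google's siteverify accepts each token once and only for two minutes after it is issued, so a replayed token comes back with `success: false` and is rejected by the first check.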