DEV Community

loading...

Discussion on: Hiding API Key in Img Src URL?

Collapse
jappyjan profile image
jappyjan

It’s in the frontend anyway. So there will never be a secure way of hiding anything in there.
The api key stored/used in the client side should be bound to the fingerprint (e.g. ip + User Agent) of the current session and be only valid for a certain amount of time.
Except from that, you cannot do a lot...