Let's say I'm using an API from UNSPLASH. They give me two keys. I use a "dotenv" file to store these as environment variables. Even If I make a build of it, that .env file will be in my app folder and hence that will be exposed to users.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'm not sure there's a way, I could just setup a proxy or a network logger on my computer and see where your app connects to.
Why do you need to hide the endpoints?
A possible solution is to proxy your endpoints through a server
Let's say I'm using an API from UNSPLASH. They give me two keys. I use a "dotenv" file to store these as environment variables. Even If I make a build of it, that .env file will be in my app folder and hence that will be exposed to users.