Hide API Keys with a Node.js API Proxy + Caching, Rate Limiting and Slow Downs

Without TH-cam I would have never found out about you and what you do. I'm going to tune into your Twitch in the future, but these videos available on TH-cam have been invaluable to me, and I really appreciate your taking the time to cultivate this coding garden!

I learnt how to do all this myself and was always nervous that the things I was doing were not best practices and wrong. I feel validated that I was using best practices now lol. Thank you so much.

Hey! Happy to find your content as this was closely related to a topic I was struggling to tackle. You earned yourself a new fan!

We support you as well! I'm loving your content and your personality from France !

I was looking for this for almost a month. Finally got a decent answer

I learned about backend and sec with this video more than in my whole life. Thanks, CJ for that loveable content.

Wow bro Im a programming beginner and usually pretty slow too, and even though I clicked on this video without even knowing what exactly it is about, I must say I understood everything super clear! You're awesome, thank you!

Hope you keep making these youtube highlights! I've recently discovered your channel on yt and its great! Might even go visit your twitch ;P

Very informative video. Quick and easy. Keep up the good work!

Man! You are such a great tutor! Congrats!!!!

wow what a content really appreciating. Thank you dude

i don't know what to say but this one really helps me a lot! Love you so much!

Keep making these youtube highlights! I won't be able to watch your Twitch stream, so if you didn't make these videos I'd be missing out on all the good stuff! Keep it up :)

you help me a lot since I'm starting with node js

I learn from you so much. Thats insane.

Love your explanation❤

This is seriously impressive

Loved it, these are rare, precious practical knowledge

CJ great video this is one of the best tech channels. Have you ever try to apply clean architecture to a project. I would be great to see you how to structure a project.

Awesome upload as always

Quality content. Learn new things. Thanks ❤

Incredible work.

Got a ton of value from this video. Just leaving a comment in appreciation.

Superb video CJ !!! 😎

CJ's content is amazing 🤩

Super video. Thanks!!

Great videos mate, keep it up! "I have to change my port" :D

hey really cool vid ! hope you'll keep making some !

Much appreciated !

Another option to consider for the proxy portion of this code is express-http-proxy which will effectively and easily forward/proxy requests to specified path including headers, params, body and similar as a simple middleware. It has plenty of configuration options to rewrite the path or perform actions before/after proxying. There is nothing wrong with axios, but the effort can be simplified using a library like that.

Your videos are great, keep posting content like this

This is gold content!

Dope content 🙌🏽

Thanks, CJ! :)

I keep watching your videos bc you are fun and nice to watch 🤗🤗🤗🤗🤗☺️❤️

great content - ty!!!!

have a great vacation CJ

Great content thanks

Thanks!

This was an amazing video! Freaking Randy!

What plug in did you use to display the comment with the date at 18:22

Great videos. thanks you so much

Cool! Thank you.

Hi, you are great. Yesterday i built a little app which exactly the same problem and i did it like in the video, but you show much more useful things. Thank you :-) It was amazing if you could make a video like this to the following topic: how can our own api more secure? (api key? authentication? json web token? I don't know :-))

Thank you

That's some great tutorial there

wonderful content bro, but i've curios to know what is the keyboard that you r using ???

Awesome Video bro keep it up like always, could you share the link to the express scaffold library?

Question : i want that only my frontend should connect with backend api and if i create a proxy so that user can still take it and make request and do with the data

Can we store the keys on Aws secret manager ?

you can limit the website CORS or ip/domain restriction i.e. use a api gateway or use ssl 2way ssl. when you register a key tie it to a domain name

thanks

So in angular I've left some firebase config in environments folder, so the environment folder is also exposed to client or what kindly let me....

Randy with the bits!

hiii there so i need your help trying to start a node js server on shared hosting..but it isn't working what could be the problem

Thank u so much, regards

This is so fcking awesome

You so awesome maaaaan!!

Hey! If you wanted to make a post request using express and axios like you used in this video how would it be? I've been scratching my head trying to find a solution!

what are those bits means ?

What is that "take a break" app?

Very good video, but if the attacker changes his IP in every request?

Amazing

Nice !

how did you create the express generator?

For a time being if i consider only cache, and not rate limiter and slowdown, to store responses, does that mean for every request i am storing data in cache. Wouldn't that lead to high memory usage? Still video helped.Thanks

How did you create the express setup from the command line..?

what vscode theme？

Nice topic man.
What u recommend me if my api endpoind had many requests
,
For example for in mobile app like a delivery app that its necesary use api for *maps routes and others* _that consumes money and by increasing requests
_ .
In mobile app configuration its my problem
This video applies to this issue?
its possible to use an new way security *this* using some hack int server (Backend) side.
Thanks

Actual modern and quality accurate content fam! you get my sub

Hey not sure if you’ll see this but have you ever gone over something like this but with 0auth? It’s a tricky subject for me

What is time?

Nice

What is your VS Code Theme?

What coding break timer are you using in this video?? I did notice that you are on an Apple device, but I should be able to find a windows export of this same one.

If the NASA API required a JWT token, where would you store it in NodeJS? I'm new to Node, trying to figure out where a token would be stored in a proxy API set up like this. Also great video, thank you!

🌱

Hey, I need help. I am curious, how can I go about logging each request made with api, so I can know the total amount of request being made to my api and store it somewhere?

God content!

You can encrypt the data so that only you can decrypt it. The decryption is the "authentication". CORS is another option.

Hi, could you tell me what is specs of your current macbook ?

How are you saving dependencies to package.json without --save? Do you have an alias set up?

Put your api behind a CDN, and enable hotlink protection or url singing.. or you a API gateway to control all these.

whats ur colorscheme please?

👍

please keep doing youtube highlights ^^ thanks

10:01 more bits

What's the theme he is using for vscode ??? Anyone

wow. its a great explanation, woukd you like to exolain error middleware handler in your project. thank you.

why dont you just use feth()?

Eaat or west coding garden is best

while(true){fetch(url)} and your servers CPU will still be under huge load which is the only thing that matters for ddos attack. your app still needs to check the ip address and the sender is not waiting for response so the speed limit is irrelevant and the CPU is still working with the express-rate-limit library. this is my theory and i dont see why in a hypothetical scenario with lets say a billion request per millisecond your app would survive. you can run that while loop with 100 virtual machines around the world simultaneously .

Goddamnit Randy 😂

can you share your VS Code theme? :)

Please move from Express.js to Fastify and enjoy faster code with little to no changes in your codebase.

About the caching, better store and update the promise in the cache in a synchronous way and then await the cached promise.
In your current code, if for any reason, the calls to the nasa api take longer to resolve, let's say 10 seconds, then during these 10 seconds, your cache will fail and you will simply forward every single call to the nasa api. So if there's trafic on your api too, you could expire your rate on the nasa api before the cache kicks back in (for 30 seconds, before it may fail you again).
if (!cachedPromise || Date.now() - 30000 >= cachedTime) {
const params = ...;
cachedPromise = axios(`${BASE_URL}${params}`);
cachedTime = Date.now();
}
...
const { data } = await cachedPromise;

why dont you just use built-in fetch and always use third party lib to make api requsts? i never understood why

Hello I love you work. Please develop a twitter clone with react node js.
Love u.

Are you no longer live streaming on YT?

6272