Why did you start with static files then move to a React app? Can you do one for static files that don't run a server?
How can I secure my Firebase API key then?
Thank you
You are welcome!
ty
sooo…you can’t really hide a key
As shown in the video, you can hide a key from users on the frontend, others when sharing your code and even from others with access to your source code on the backend with server-side environment variables.
No, you can't. No matter how much you hide the key in the front end, the user agent ("browser") on the client side still sends the key in get/req/body to the API server, which can be intercepted using tools like Burp Suite, even if not visible in source as shown in this video.
@MrYesnadir wait, so how do you actually secure your API key?
I think the best way is to encrypt using a cipher
Bro, what if I use the API URL from the inspector panel (HTTP//LOCALHOST:3000/API) and call it from my web app? I can get a response from the weather API without needing any KEY. 😵
I'm not a backend guy, but I think you exposed the entire weather API while securing your key. 🥲
Am I wrong? 😅
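
An added example, not from the video or from any commenter above: the thread's last point is that a backend route which keeps the key in a server-side environment variable can still be called by anyone who finds the route, so the route needs its own checks. The code below assumes a Node backend; the upstream URL, the `appid` parameter name, the `WEATHER_API_KEY` variable, the allowed origin and the limits are hypothetical.

```javascript
// Added example: policy checks for a key-hiding proxy route (all names hypothetical).
// The key is read from a server-side environment variable and never sent to the browser.
const API_KEY = process.env.WEATHER_API_KEY || "constructed-demo-key";
const UPSTREAM = "https://weather.example.invalid/v1/current"; // placeholder upstream
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);
const ALLOWED_PARAMS = new Set(["city", "units"]);
const LIMIT = 5;          // requests allowed per client per window
const WINDOW_MS = 60000;  // window length in milliseconds

const hits = new Map();   // clientId -> timestamps of recent requests

// Sliding-window counter: true once a client exceeds LIMIT within WINDOW_MS.
function overLimit(clientId, now) {
  const recent = (hits.get(clientId) || []).filter((t) => now - t < WINDOW_MS);
  recent.push(now);
  hits.set(clientId, recent);
  return recent.length > LIMIT;
}

// Decide what to do with one incoming proxy request.
// Returns { status } or { status: 200, upstreamUrl }; the route handler
// performs the upstream fetch only when status is 200.
function decide(req, now = Date.now()) {
  // Browsers set Origin themselves, so this stops other sites from using the
  // route from their pages. A non-browser client can send any Origin, which
  // is why the rate limit (or real user authentication) is still required.
  if (!ALLOWED_ORIGINS.has(req.origin)) return { status: 403 };
  if (overLimit(req.clientId, now)) return { status: 429 };

  const url = new URL(UPSTREAM);
  for (const [name, value] of Object.entries(req.query)) {
    // Forward only known parameters so the route cannot be used as a
    // general-purpose relay to the upstream API.
    if (!ALLOWED_PARAMS.has(name)) return { status: 400 };
    url.searchParams.set(name, String(value).slice(0, 64));
  }
  url.searchParams.set("appid", API_KEY); // key is attached on the server only
  return { status: 200, upstreamUrl: url.toString() };
}
```
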