If you are authenticating (looks like cookie) why does the client need an api key and secret?
How to secure Keys in Javascript?
I store APIKey, APISecret and Deployment in constant variables like below:
public const string Path = "/Deploy/Here";
public const string APIKey = "xyzApIKeY";
public const string APISecret = "zbcApISeCrEt";
I call controller using ajax like below:
$.ajax({
    type: 'POST',
    url: '@MyApp.Models.AppSettings.Application.Path' + '/Sales/Add_Update/' + '@Model.xData',
    data: fd,
    processData: false,
    contentType: false,
    headers: {
        apiKey: '@MyApp.Models.AppSettings.Application.APIKey',
        apiSecret: '@MyApp.Models.AppSettings.Application.APISecret'
    },
    success: function(result) {
    },
    error: function(result) {
    }
});
Everything (Path, APIKey, APISecret) is displayed clearly in JavaScript. Any tips or ideas on how to secure or hide it?
I need advice.
Thanks a lot in advance.
Developer technologies ASP.NET ASP.NET Core
-
Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
2022-07-03T18:46:02.197+00:00
-
Dillon Silzer 57,826 Reputation points Volunteer Moderator
2022-07-02T05:30:18.597+00:00
You cannot hide API keys/secrets with pure JavaScript, as JavaScript is on the client side. You need to hide this information via server-side scripts/wrappers. I'd recommend you build a PHP application that JavaScript calls, and the PHP script returns information from the API in some type of readable format.
-
Dondon510 261 Reputation points
2022-07-02T05:41:36.687+00:00
Hmm, unfortunately, I don't understand PHP. Can we just use Netcore?
-
Dondon510 261 Reputation points
2022-07-02T12:36:46.8+00:00
I use this way, for example:
Controller -> Index -> View -> Index.html -> Javascript -> Call Controller using Ajax (this is the problem, the API Key, Secret clearly exposed!)
I really need advice on how to deal with this; I have to secure the key.
-
Dondon510 261 Reputation points
2022-07-02T12:39:33.893+00:00
@DillonS-2060
Can you give me an example? I'm not familiar with PHP, or perhaps there are other tricks in ASP MVC Netcore 6 to deal with this? I use this way: Controller -> Index -> View -> Index.html -> Javascript -> Call Controller using Ajax (this is the problem, the API Key, Secret clearly exposed!)
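What the server-side wrapper suggested in the answer above could look like in ASP.NET Core 6 instead of PHP, as an added example that is not part of the thread: the browser posts to the app with only its session cookie, and the app attaches the key and secret from configuration when it calls the API. The `Upstream:*` configuration keys, the `sales/{id}` upstream path and an existing cookie sign-in are assumptions.

```csharp
// Program.cs, ASP.NET Core 6 minimal hosting with implicit usings enabled.
// Added example; the names marked "assumed" are not from the thread.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// The browser is identified by its login cookie (sign-in flow assumed to exist).
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();
builder.Services.AddAuthorization();

// Assumed configuration keys: Upstream:BaseUrl (ending in "/"), Upstream:ApiKey,
// Upstream:ApiSecret. Supply them through user-secrets, environment variables
// or a vault; they are never rendered into a Razor view.
builder.Services.AddHttpClient("upstream", (sp, client) =>
{
    var cfg = sp.GetRequiredService<IConfiguration>();
    client.BaseAddress = new Uri(cfg["Upstream:BaseUrl"]!);
    client.DefaultRequestHeaders.Add("apiKey", cfg["Upstream:ApiKey"]);
    client.DefaultRequestHeaders.Add("apiSecret", cfg["Upstream:ApiSecret"]);
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Same route the page's $.ajax call posts to, minus the two headers.
app.MapPost("/Sales/Add_Update/{id}", async (string id, HttpContext ctx,
    IHttpClientFactory factory) =>
{
    if (!ctx.Request.HasFormContentType)
    {
        ctx.Response.StatusCode = StatusCodes.Status400BadRequest;
        return;
    }

    // Forward the FormData body unchanged, keeping its multipart boundary.
    using var body = new StreamContent(ctx.Request.Body);
    body.Headers.TryAddWithoutValidation("Content-Type", ctx.Request.ContentType);

    var client = factory.CreateClient("upstream");
    using var upstream = await client.PostAsync(
        $"sales/{Uri.EscapeDataString(id)}", body, ctx.RequestAborted); // assumed path

    // Relay status and payload only; upstream headers stay on the server.
    ctx.Response.StatusCode = (int)upstream.StatusCode;
    ctx.Response.ContentType = upstream.Content.Headers.ContentType?.ToString();
    await upstream.Content.CopyToAsync(ctx.Response.Body, ctx.RequestAborted);
}).RequireAuthorization();

app.Run();
```

With this in place the `headers` block is dropped from the `$.ajax` call. Because the endpoint then relies on the cookie alone, it also needs CSRF protection such as an antiforgery token, which is not shown here.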