Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to solve API key is visible on request URL problem?

Tags:

javascript

security

api-key

dotenv

I've hide my API key inside .env file in my React app. And I used it through process.env. But When I go to network tab in developers tool of google chrome and check requests there I can see my API key present in the request URL. Therefore my API key is not secured. Anyone will able to get my API key. How can I hide my API from that place as well?

enter image description here

like image 630
Kasun Avatar asked Oct 27 '25 07:10

Kasun

1 Answers

There is no way to hide the key on the client-side.

My suggestions:

  1. Do this call from your back-end, and expose it to your front-end
  2. Add API HTTP referrer restrictions instead. Only requests from your domain make the call in (1)
like image 72
wdetac Avatar answered Oct 28 '25 19:10

wdetac
Sign in to Comment

Related questions

Restore native Window method
Jest mock function's inner variable and change function's behavior?
Angular 4 not send cookie to server
Hide/Change javascript prompt title
How do web workers work in single core machines [closed]
XMLHttpRequest in Javascript Class
How to import GIF in NextJS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!