1

I am making a Jquery Ajax web api call . That Api call requires me to pass the Api key. I have enabled CORS. Here is how my call looks currently

$.ajax({
  type: "POST",
  url: http://localhost:83/test/example1,
  data: { name: JSON.stringify(myObject), userId: UserId },
  dataType: "json",               
  headers: {
      'apikey': 'asdfee'
  });

My question is how do I securely pass this key? I don't want to directly expose the value.
Any directions please?

Improve this question
3
  • 3
    There is no right solution for that. Any possible way to store the key can be read by browser = can be read by everyone with the access to your browser Commented Mar 21, 2018 at 16:52
  • how do I securely pass this key you can pass the key securely using SSL but that only secures the communication. There is no way to securely store that key in your code as it's openly visible to everyone. To secure keys like this is typical to use some flavour of OAuth though even this is no longer standardised. Basically this isn't security (full stop) Commented Mar 21, 2018 at 16:54
  • If you're concerned about this, you should use an AJAX post to a controller on your server and then your server can safely post to the API requiring the API key. Commented Mar 21, 2018 at 17:08

1 Answer 1

Reset to default
1

In short, you cannot secure the key on the client side. Anything on the client side is exposed and can be viewed by anyone.

This being said, there are ways you can attempt this.

  1. Try to make it as hard as possible for anyone trying to get your key. This means store in something like local storage and minify your JavaScript code. This isn't 100% but it will make life harder for anyone trying to get it.

  2. Introduce another layer in between. I have done something like this myself, this extra layer is another API. This is where you store the key and this is where you communicate with the other API. So basically you never expose the API key to the client side. Your front end call this new API and the new API calls the protected one. As I said, one extra layer in between but it does help keep the key secure.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

using option 1 and 2 both

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.