33

Creating an API to access another API in order to secure your apikey feels... weird

Comments
  • 3
    So, instead of calling foo.com/api/bar?key=xyz, you just call yourdomain.tld/api/bar?anotherkey=maybeOrNone to mask your original key for foo.com? Kind of sounds resonable, as you don't want to expose your keys to the frontend. However think about if you could process the data on the server to add additional value to it.
  • 1
    @Wack yes I do process it a little bit. I also mix the data I get from the other API with some static data from a json file
  • 1
    @mightyleguan And make sure your API is either protected or throttled to the same level as the upstream API — otherwise someone might abuse yours and get you blacklisted.
  • 1
    @bittersweet thank you, I will keep this in mind and implement it
Add Comment