What is the easiest way to keep 3rd party API key private for use on a single-page application?

Question says most of it but here's some additional deets:

I want to use a 3rd party API in a SPA but don't want to expose my API key in the client-side application
I am using Firebase for hosting and don't have access to storing the key in a NODE_ENV variable which some answers suggest to use [does this even work?]
I have read answers to make a server-side app which stores the API key, takes client-app requests, makes those to the API and then returns the their response to the client-app. Is there a guide on how to make this, though?

Looking for the easiest method here, not the "most correct" ;)

#nodejs #angularjs #reactjs #javascript #react

Responses(1)

Sandeep Panda

co-founder, Hashnode

Sep 10, 2016

The last one is the easiest and correct way of achieving this. Whatever goes to client, stays there. There is no bulletproof way of hiding it on the client. Regarding a guide to no.3 option - It's pretty straightforward. Just build an API like any other API and let your client talk to it.

It's pretty straightforward. Just build an API like any other API and let your client talk to it.

This sounds pretty complex to me ^^; => What should I Google for?

Thread

What is the easiest way to keep 3rd party API key private for use on a single-page application?

Responses(1)

Recent threads

Search Hashnode

What is the easiest way to keep 3rd party API key private for use on a single-page application?

Responses(1)

Recent threads