How to protect the API keys ?
I am trying to create a protected API endpoint in my Serverless REST API service using AWS API Gateway & AWS Lambda.
My client javascript app needs to send the valid API key to access this endpoint. How to store this on the client side?
Similar questions on 'protecting API keys on the client side', recommend to create a wrapper API on the middleware server that actually makes the protected API call with the valid API key, which apparently beats the purpose of going serverless using lambdas.
Appreciate some clear explanation on the concept.