Hiding API keys

Hiding API keys


I know how to do this for Node and Heroku but how about an ordinary bit of Javascript hosted on my own hosting.
Or even codepen?


Unfortunately, there’s no way of hiding code that gets run in the browser.


Unfortunately, you cannot hide on the client side.

However, what you can do is set an AJAX request to get the API key from your server. I believe this is the only way to hide API keys on the client-side.



if you are working on the weather app, there is not really a good way to hide the key. It is a known problem. When you want to use a weather api, use one where nothing happens when you publish the key. For example …after xxxx calls the api is not working anymore. for this day/week/month. .There are some apis where you must pay after xxxx calls automatically, you should not use them for codepen… of course!


Yes, I was thinking hiding them in a database is what most systems will do.
I don’t expect too much traffic so I’ll not worry about if for now. :blush: