Securing Website API Keys in Chrome Extensions
I'm building a Chrome extension using the Remember the Milk web API. In order to call methods in this API, I need to sign my requests using an API key and a 'shared secret' key. My
Solution 1:
Ultimately you can't truly hide anything within a JS application that's run in the browser; you can obfuscate or minify the code, which will distract casual users from snooping around, but in the end it's always going to be possible to grab your plaintext secret.
If you really need to prevent this from happening, then one option is to pass calls from your extension to a server you have access to. Your server can add any parameters required for signing, forward the call on to the relevant API, and pass the API's response back to the user. Of course this adds bandwidth / uptime constraints which you may not want.
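The server-side signing step described in the answer above, as an added example that is not part of the original post. It assumes the API signs requests as MD5 over the shared secret followed by the sorted key/value pairs; the upstream URL, the placeholder credentials, the allowlisted method names and all function names are illustrative assumptions.

```javascript
// Added example: signing logic for a key-hiding proxy (Node.js).
const crypto = require('node:crypto');

// Secrets exist only on the server. Placeholders shown; load real values from the environment.
const API_KEY = process.env.RTM_API_KEY || 'PLACEHOLDER_API_KEY';
const SHARED_SECRET = process.env.RTM_SHARED_SECRET || 'PLACEHOLDER_SECRET';
const UPSTREAM = 'https://api.example.invalid/rest/'; // hypothetical upstream endpoint

// Sign only the methods the extension needs, so the proxy is not an open signing oracle.
const ALLOWED_METHODS = new Set(['rtm.tasks.getList', 'rtm.lists.getList']);

// Assumed scheme: md5(secret + key1 + value1 + key2 + value2 ...), keys sorted by name.
function sign(params, secret) {
  const joined = Object.keys(params).sort().map((k) => k + params[k]).join('');
  return crypto.createHash('md5').update(secret + joined, 'utf8').digest('hex');
}

// Turns the extension's unsigned query string into a signed upstream URL, or rejects it.
function buildUpstreamUrl(clientQuery, apiKey = API_KEY, secret = SHARED_SECRET) {
  const params = {};
  for (const [k, v] of new URLSearchParams(clientQuery)) {
    // Ignore any credential or signature fields supplied by the client.
    if (k === 'api_key' || k === 'api_sig') continue;
    params[k] = v;
  }
  if (!ALLOWED_METHODS.has(params.method)) {
    return { status: 403, error: 'method not allowed' };
  }
  params.api_key = apiKey;
  params.api_sig = sign(params, secret);
  return { status: 200, url: UPSTREAM + '?' + new URLSearchParams(params).toString() };
}
```

An HTTP handler on the server would call `buildUpstreamUrl` with the extension's query string, fetch the returned URL, and relay the response body, so the extension package never contains the key or the secret.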