I have built the random quote generator with React and a random quote API. It is now time to deploy. The API key needs to be hidden and the code needs to remain open source so the code can be viewed.
After spending some time researching, I have found Netlify and server less functions. Should I learn how to build a serverless function to make the api request and deploy the Random Quote Machine with Netlify from a public repository?
Before spending time learning how to build a serverless function, I want to ask if I am going in the right direction to deploy my random quote machine website.
The tech stack should not disqualify my project for receiving credit toward the frontend frameworks certification.
What is the best way to hide the api key while making the random quote machine code open source, so the code is still visible?
Can you put your API key in another file (and then import the file in your main code)?
If so, then you can add that file to git ignore so that the key will not be uploaded to GitHub and will remain a secret.
My initial suggestion would be to use a quote API that doesn’t require auth and has proper CORS headers. There should be plenty to choose from. There are also GitHub repos with JSON files you can use.
To use an API key you have a few different options.
Use a framework (e.g. Astro) that does an initial fetch at build-time. This is perfectly fine with an API that doesn’t change much. You do need to fetch all of the data to do any randomization. So you can’t just use an endpoint that gives you a single random quote. You also can’t do runtime API interaction (unless you switch to SSR). Single deploy.
Use a framework (e.g. NextJS) with server-side code for the API interaction. Single deploy.
Create a backend (e.g. node/express) that both serve the static files (like a framework build output) and has API endpoints used by the client code. Single deploy.
Create a separate backend your client deploy will use. Can be two deploys on different hosts (client/backend).
This is how I am completing this assignment. I found an api with no auth required and CORS headers like you suggested. I also used the GitHub link you gave. Thank you
