Hiding API keys

I know how to do this for Node and Heroku but how about an ordinary bit of Javascript hosted on my own hosting.
Or even codepen?

1 Like

Unfortunately, there’s no way of hiding code that gets run in the browser.

1 Like

Unfortunately, you cannot hide on the client side.

However, what you can do is set an AJAX request to get the API key from your server. I believe this is the only way to hide API keys on the client-side.



if you are working on the weather app, there is not really a good way to hide the key. It is a known problem. When you want to use a weather api, use one where nothing happens when you publish the key. For example …after xxxx calls the api is not working anymore. for this day/week/month. .There are some apis where you must pay after xxxx calls automatically, you should not use them for codepen… of course!


Yes, I was thinking hiding them in a database is what most systems will do.
I don’t expect too much traffic so I’ll not worry about if for now. :blush: