Third party api's keys

Hi, I am working with the wordnik api which requires a you a key to fetch data from it. Just today I got it and the mail says

Please keep this key in a safe place!
Please do not share your key with others, or expose your key in client-side code.

How am I supposed to do that? Whatever code you write for the front end will load up in the browser. I am confused.

Hello there,

It is expected API keys will be used server-side. That is, you should not reference them anywhere in your client-side code, but make requests to a server to get the information from the API.

// Server
app.get('/', (req, res) => {
  const myApiKey = process.env.SECRET;
  const thirdPartyData = ThirdPartyFunc(myApiKey); // Fetches data
  res.json(thirdPartyData); // Sends back data. NOT SECRET
// Client
const data = await (await fetch('')).json();
// Use data...

Hope this clarifies

Well I haven’t started with server side yet. Just know front end.
But I do have a github repo.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.