This repository was archived by the owner on Nov 19, 2023. It is now read-only.

⚠️ SECURITY ISSUE: Hide the RapidAPI key #10

Open
MatheusRoichman opened this issue Nov 6, 2022 · 1 comment
Comments

@MatheusRoichman

⚠️ HIGH PRIORITY ISSUE

The problem

The RapidAPI key is exposed in the code, which means that anyone can take it and make a large number of requests, surpassing the free plan limit and causing financial problems for the owner of the key.

The solution

In development (local): create an environment variable (ex: RAPID_API_KEY), and assign your RapidAPI key as its value. Make sure the .env file is listed in .gitignore so the key doesn't get exposed in the public repository. Learn more about environment variables in React in this article.
In production (Netlify): create an environment variable (learn more in the Netlify documentation) with the same name and value as the local environment variable.

Observations

This is not the ideal solution, because the key will still be present in the request and anyone will be able to see it in the DevTools network tab. The ideal solution would be to create a backend to access the API with that key. But at least the provided solution is a best practice and removes your key from GitHub.

Contact

E-mail: [email protected]
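The mitigation proposed in this issue, shown as an added example that is not code from the repository: the key is read from the environment instead of being written into the source, a helper checks that `.env` is git-ignored, and a simple scan flags a hard-coded `X-RapidAPI-Key` literal. The variable name `REACT_APP_RAPID_API_KEY` is an assumption following Create React App's `REACT_APP_` prefix convention (the issue suggests `RAPID_API_KEY`); the host value is a placeholder.

```javascript
// Added example, not part of the original project. Assumes a Create React App
// style build where env vars prefixed REACT_APP_ are injected at build time.
const KEY_VAR = "REACT_APP_RAPID_API_KEY";

// Read the key from an env object (defaults to process.env). Failing fast on a
// missing value makes a misconfigured build obvious instead of producing
// 401 responses at runtime.
function loadRapidApiKey(env = process.env) {
  const key = env[KEY_VAR];
  if (typeof key !== "string" || key.trim() === "") {
    throw new Error(
      `${KEY_VAR} is not set; put it in .env locally and in Netlify's environment variables in production`
    );
  }
  return key.trim();
}

// Build the headers RapidAPI expects. As the issue notes, in a browser app
// these headers are still visible in the DevTools network tab; only a backend
// proxy removes the key from the client entirely.
function buildRapidApiHeaders(host, env = process.env) {
  return {
    "X-RapidAPI-Key": loadRapidApiKey(env),
    "X-RapidAPI-Host": host,
  };
}

// True when a .gitignore's contents exclude the .env file holding the key.
function gitignoreCoversEnv(gitignoreText) {
  const patterns = gitignoreText
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"));
  return patterns.some((p) => [".env", "/.env", ".env*"].includes(p));
}

// Flag source text that assigns a string literal to the X-RapidAPI-Key header,
// i.e. the pattern this issue reports. Referencing process.env does not match.
function hasHardcodedRapidApiKey(sourceText) {
  return /["']X-RapidAPI-Key["']\s*:\s*["'][^"']+["']/.test(sourceText);
}

// Constructed sample snippets, used only to exercise the scan above.
const SAMPLE_HARDCODED = `headers: { "X-RapidAPI-Key": "EXAMPLE-KEY-NOT-REAL" }`;
const SAMPLE_FROM_ENV = `headers: { "X-RapidAPI-Key": process.env.${KEY_VAR} }`;

module.exports = { KEY_VAR, loadRapidApiKey, buildRapidApiHeaders, gitignoreCoversEnv, hasHardcodedRapidApiKey, SAMPLE_HARDCODED, SAMPLE_FROM_ENV };
```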

@amansaurabh

I want to work on this issue.


2 participants