How to encrypt the API token on the client side?

M

Mishcake2020-01-17 10:32:44

PHP

Mishcake, 2020-01-17 10:32:44

Hey! In the previous question, I asked if it is possible to send API requests directly from the page with the form and check some conditions.
It turned out that it is possible, but in the request it is necessary to pass the partner's token, without which there will be no response. But with this token, you can do a lot of things in the service with which I contact via API, and inserting this token directly into the page code is somehow scary for me.
I am accessing the API using js and fetch.
PS As an alternative, I see storing the value of the token on an external host in a php script that will check which address the request will come from and if it matches mine, then send it to the API, then return it back to the page, where JS based on the response will make something.
Or use base64_encode() and base64_decode() on the server with php.
What is the best way to do it, please tell me.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivan Shumov, 2020-01-17
@Mishcake

You don't have to do that. It is worth choosing the right authorization in the API. I don’t know what kind of system you have, but what prevents you from making a wrapper into which to let users in according to their personal tokens or sessions?