+ 3
How to hide my apikey details on Sololearn?
I have a code that requires an API key which I don't want to be accessible publicly. So I wanted to know if SoloLearn has any way to store env variables that cannot be viewed publicly. One approach I had thought for this was encrypting the key in an external script and decrypting it in SoloLearn, this doesn't really make sense as anyone can add a `console.log` for displaying the decrypted text. Edit: Another "long" approach I am considering is to host a simple REST API Server which would make calls internally to the API URL and return me the response object.
12 Antworten
+ 9
All the code you publish on Sololearn, can be seen by others. Even if it's marked private, if you give the link to someone directly, they can view it and execute it. Securely storing credentials and api keys is not possible on this platform. So using a mediator web service, is a good idea to keep your access protected. Just make sure to also build in some limits, maybe your API key has a quota, and can incur costs if you overuse it (even if someone else mindlessly invokes your API a million times).
+ 7
Sounds like it's a good idea to question, "Why do you really want to post the code on Sololearn if you want to hide parts of it?"
If you want to run it/test it alone, you can keep it private and not send it to anyone. Nobody will ever see it.
+ 5
Fetching api with apikey can only be done from a server, if you want to protect the api key from being exposed.
Here an example of fetching api with protected key on .env file (even the server code is a public code, nobody can see the api key on .env except owner and collaborators)
https://code.sololearn.com/WZ3gsmuMSJb2/?ref=app
if you want to study the server code, check out the below Glitch code url (note that from the node.js code you will discover that you can't view the .env content, but the program able to retrieve the api key from .env using process.env.apikey)
The API server is from a glitch site
https://glitch.com/edit/#!/sparkly-button-lake
+ 4
Tibor Santa so I guess even you are kinda pointing towards the "Long" approach that I mentioned
+ 4
Yes, the simplest answer is that you create your own API that makes requests to the other, it is the simplest.
But if the use of the API. requires payment, just like Tibor Santa said, better be careful, if you can reset your API key or delete it and create a new one, it's ok to share it, at least for a while.
+ 3
Mirielle kinda knew this was coming hence added it in the question.. I'd still wait for other answers just in case someone has some trick
+ 3
$hardul B probably if they visit the link people could see it… but maybe there is a way to access a private dropbox from sololearn. Or maybe you can put password to your file and opening it with the program…?
+ 3
$hardul B Or you can use other API, so people wont see your one.
+ 3
Make API end points in node or express and deploy it to heroku or any other service.
Use the sololearn just for client side stuff and keep all backend code in the server
+ 2
Or you can import it from dropbox probably??? I mean your API key, you cna use an env file and next import it from dropbox
+ 2
Ugulberto Sánchez someone could access my code on Dropbox right?
0
O si ññññ