Issues with Storing API Keys in a Frontend SDK
Context
A provider offers a service and an SDK (which includes the customer's key) for the frontend (web/mobile).
Issue
An attacker can get the key and spam or abuse the service, so the customer can be charged heavily.
Wrap Solution
Flow: Customer's frontend -> provider's backend
Rate limit by IP
Rate limit by user data
Limit by the country of the IP address
Flow: Customer's frontend -> Customer's backend -> Customer's frontend -> provider's backend
Encrypt the data with the customer's secret key in the customer's backend
The customer's backend limits requests based on the user's authentication
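The second flow, sketched as an added example that is not code from the original page or from any provider's SDK. It signs the data with HMAC-SHA256 rather than encrypting it (a swapped-in technique, so the secret never reaches the frontend but the data stays readable). Assumptions: the provider's backend holds a copy of the customer's secret, and the names `issue_token`, `verify_token`, the TTL and the quota are all hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values; a real secret is random and stays on the backends.
CUSTOMER_SECRET = b"constructed-demo-secret"
TOKEN_TTL = 60        # seconds a token stays valid (assumed)
MAX_PER_MINUTE = 3    # per-user quota at the customer's backend (assumed)

issued = {}           # user_id -> timestamps of recently issued tokens


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(user_id: str, payload: dict, now: float = None) -> str:
    """Customer's backend: call only after the user has been authenticated."""
    now = time.time() if now is None else now
    recent = [t for t in issued.get(user_id, []) if now - t < 60]
    if len(recent) >= MAX_PER_MINUTE:
        raise PermissionError("per-user rate limit exceeded")
    issued[user_id] = recent + [now]
    body = json.dumps({"sub": user_id, "exp": now + TOKEN_TTL, "data": payload},
                      sort_keys=True).encode()
    tag = hmac.new(CUSTOMER_SECRET, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)   # the frontend forwards this string as-is


def verify_token(token: str, now: float = None) -> dict:
    """Provider's backend: accept only unexpired tokens with a valid tag."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                  # wrong part count or invalid base64
        raise ValueError("malformed token")
    expected = hmac.new(CUSTOMER_SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims["exp"] < now:
        raise ValueError("token expired")
    return claims
```

A captured token can still be replayed until it expires, so the provider-side limits from the first flow remain useful alongside this one.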