search

Store APIs Key in FrontEnd SDK issues

hashtag
Context

Provide a service and SDK(include customer's key) for frontend (web/mobile)

hashtag
Issue

Attacker can get the key and spam/abuse services -> customer can be highly charged

hashtag
Wrap Solution

hashtag
Flow: Customer's frontend -> provider's backend

  • Rate limit by IP

  • Rate limit by user data

  • Limit by country IP

hashtag
Flow: Customer's frontend -> Customer's backend -> Customer's frontend -> provider's backend

  • Encrypt data by customer's secret key in customer's backend

  • Customer's backend limits request by user's auth

PreviousCryptographyNextAPIs abuse issues

Last updated