1

In my current Agular app im sending a request to back end and i need to add api key as below:

         let header = new HttpHeaders()
        header = header.append("api-key","jkhjkh") 
        this.http.get(`https://api/${"EUR"}+${"SEK"}`,{headers:header}).subscribe(s=>{....

the problem is im exposing the api key to the user,its shown on the browser which is not secure,i was seraching on the google and found they say you have to put api key on the backend,if i do that how can i call then?please help me with an example or suggestion

Improve this question
7
  • 1
    You've pretty much answered yourself, you store the key in your server and never, for any reason, send it to the client. Just do the request from the server too. Commented Jan 11, 2022 at 12:42
  • @Alejandrowhat do you mean by do the request from the server,sorry i got confsuded Commented Jan 11, 2022 at 12:49
  • Add .env file. Add your keys there and take the reference. Commented Jan 11, 2022 at 12:51
  • @moris62 Don't send the key to Angular, and don't use Angular to do the request. Use your server backend to send the request, I guess ASP.NET Core from the tag in the question. As soon as you use Angular, the user has access to it. Commented Jan 11, 2022 at 13:02
  • @Alejandro since im new to this i may ask one more question,imagine you are a user and by clicking a Pay button on the browser,you are going to call an API which does the payment,that api needs api key to be authenticated, here is where im lost,how does this scenario work with your solution? thanks in advance Commented Jan 11, 2022 at 13:07

1 Answer 1

Reset to default
1

You need to keep the API-key away from the Angular frontend. If you have an dotnet core backend, create a controller there that wraps your call to the API (with for example HttpClient) and returns the response.

Angular <-> backend <-> API 
                    key

Instead of

Angular <-> API 
        key
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

i got the point that i should put the API on the server side,but I;d like to give a scenario which i would appreciate if you explain me the solution ,imagine you are a user and by clicking a Pay button on the browser,you are going to call an API which does the payment(api address is on the angular side),that api needs api key to be authenticated, how can i call that url without api key in the frontend?
@moris62 That wold warrant a new question. Post it like you did with this (not as a comment) and you'll get replies

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.