Discussions
Categories
- 195.9K All Categories
- 2.1K Data
- 208 Big Data Appliance
- 1.9K Data Science
- 447.1K Databases
- 220.7K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 23 Multilingual Engine
- 516 MySQL Community Space
- 463 NoSQL Database
- 7.7K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 461 SQLcl
- 3.9K SQL Developer Data Modeler
- 185.8K SQL & PL/SQL
- 20.9K SQL Developer
- 292.4K Development
- 7 Developer Projects
- 120 Programming Languages
- 289.1K Development Tools
- 94 DevOps
- 3K QA/Testing
- 645.4K Java
- 21 Java Learning Subscription
- 36.9K Database Connectivity
- 150 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.8K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 14 Java Essentials
- 142 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 197 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 219 LiveLabs
- 34 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 225 Portuguese
Hide API_KEY in Plugin JS Code
Hi,
I created a Dynamic Plugin to get JSON DATA from an external URL. All is working fine. Unfortunately the URL to get the data contains the API_Key to access this API and every user of my application can see this URL with API_KEY in the Browser developer tools. I have to avoid that.
I thought I can switch to PL/SQL and get the data via "apex_web_service.make_rest_request" but that doesn't work because of the server certificate is not in the Oracle wallet.
Is there another way to hide the API_KEY and not adding the SSL certificate into the wallet?
Thanks,
Carsten
Answers
-
If your code requiring the key is run by a web browser, the web browser needs to know the key.
The alternative is to execute the code on trusted server-side platform. Be that on the database or a NodeJS server.
As for not wanting to use SSL - nonsensical to now transmit the secret key over unencrypted HTTP should the web service support this.
