Forum Stats

  • 3,853,631 Users
  • 2,264,247 Discussions


Hide API_KEY in Plugin JS Code

cc13com Member Posts: 25 Red Ribbon
edited Feb 22, 2021 1:43PM in APEX Discussions


I created a Dynamic Plugin to get JSON DATA from an external URL. All is working fine. Unfortunately the URL to get the data contains the API_Key to access this API and every user of my application can see this URL with API_KEY in the Browser developer tools. I have to avoid that.

I thought I can switch to PL/SQL and get the data via "apex_web_service.make_rest_request" but that doesn't work because of the server certificate is not in the Oracle wallet.

Is there another way to hide the API_KEY and not adding the SSL certificate into the wallet?




  • Billy Verreynne
    Billy Verreynne Software Engineer Member Posts: 28,877 Red Diamond

    If your code requiring the key is run by a web browser, the web browser needs to know the key.

    The alternative is to execute the code on trusted server-side platform. Be that on the database or a NodeJS server.

    As for not wanting to use SSL - nonsensical to now transmit the secret key over unencrypted HTTP should the web service support this.