Storing API keys in Pinia (bad idea, or very bad idea?) #1253
maggie44
asked this question in
Help and Questions
I have a backend that connects to a server using an API key and, through the API key, has access to, let's say, 10 functions.
I want to move all that functionality from the backend to the frontend, but the frontend is only supposed to let the user use 2 functions. This means that if the user was able to get the API key out of the browser they could access 8 functions I didn't want them to have access to.
The question, then, is one of security, and the risks involved in using Pinia like this. I know the short answer is to keep the API key in the backend and only expose the two functions I want users to be able to access, or make changes on the API end, but for the sake of keeping a long story short let's assume they are not good options.
I could do then with some thinkers to help me work through the severity of the implications; my instincts tell me no, but the benefits I can gain from doing it make me think I should consider it. I realise an X factor here is the risks involved in the other 8 functions being exposed, but will leave that vague too just for the sake of simplicity.
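The option the post calls the short answer (the key stays on the backend and only the two intended functions are exposed), sketched as an added example that is not part of the original post. The function names, upstream URL, environment variable and Bearer header are assumptions made for illustration.

```javascript
// Added example. All names below are constructed placeholders, not a real API.
const UPSTREAM_URL = "https://upstream.example/api";

// The only two upstream functions the browser may reach (hypothetical names).
// A Map is used so keys like "__proto__" cannot match by accident.
const ALLOWED = new Map([
  ["listItems", { method: "GET" }],
  ["createItem", { method: "POST" }],
]);

// Pure decision step: either refuse, or describe the upstream call.
// The API key is attached here, on the server, and never sent to the client.
function planUpstreamCall(fnName, body, apiKey) {
  const rule = ALLOWED.get(fnName);
  if (!rule) return { ok: false, status: 403, error: "function not exposed" };
  if (!apiKey) return { ok: false, status: 500, error: "server key not configured" };
  return {
    ok: true,
    url: `${UPSTREAM_URL}/${encodeURIComponent(fnName)}`,
    init: {
      method: rule.method,
      headers: {
        Authorization: `Bearer ${apiKey}`, // assumed auth scheme
        "Content-Type": "application/json",
      },
      body: rule.method === "GET" ? undefined : JSON.stringify(body ?? {}),
    },
  };
}

// Backend handler: the frontend (and its Pinia store) only ever sees the
// returned status and body. fetchImpl is injectable so it can be stubbed.
async function handle(fnName, body, opts = {}) {
  const apiKey = opts.apiKey ?? process.env.UPSTREAM_API_KEY;
  const fetchImpl = opts.fetchImpl ?? fetch;
  const plan = planUpstreamCall(fnName, body, apiKey);
  if (!plan.ok) return { status: plan.status, body: { error: plan.error } };
  const res = await fetchImpl(plan.url, plan.init);
  return { status: res.status, body: await res.json() };
}
```

With this shape the Pinia store holds only application state and calls `handle` through whatever route the backend exposes; the other 8 functions are refused before any upstream request is built.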