Warning: Never Expose API Keys on the Frontend
Since frontend code is visible to users, exposing API keys in requests (even in headers) makes them vulnerable. Instead, use a backend proxy.
Use a Backend Proxy (Recommended)
Frontend code is visible to users, so any API key it sends in a request (even in a header) can be read by them. Instead, have the frontend call a backend proxy that keeps the key on the server and forwards the request to the third-party API.
Restrict API Usage by IP or Domain
If you're using third-party APIs, check if they allow you to restrict access by:
- IP Address: Only allow requests from your backend server IP.
- Referrer Header / CORS: Only allow requests from specific domains.
Use OAuth or JWT Tokens for Authentication
Instead of API keys, use a secure authentication mechanism:
- OAuth: Many APIs offer OAuth authentication, which provides temporary access tokens.
- JWT (JSON Web Token): Authenticate users via JWT tokens instead of exposing API secrets.
Implement Rate Limiting & Logging
To prevent abuse:
- Rate Limiting: Limit the number of requests per user/IP using tools like express-rate-limit.
- Logging & Monitoring: Monitor API usage with logs to detect suspicious activity.
    import express from 'express';
    import axios from 'axios';

    const app = express();
    app.use(express.json());

    // The browser calls this route; the API credentials never leave the server.
    app.post('/api/proxy-endpoint', async (req, res) => {
      try {
        // Credentials are read from server-side environment variables.
        const response = await axios.post('https://thirdparty.com/api', req.body, {
          headers: {
            'API-KEY': process.env.API_KEY,
            'API-SECRET': process.env.API_SECRET,
          },
        });
        res.json(response.data);
      } catch (error) {
        // Generic message: upstream error details are not passed to the client.
        res.status(500).json({ error: 'Something went wrong' });
      }
    });

    app.listen(3001, () => console.log('Server running on port 3001'));
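The rate limiting and logging step described above, as an added example that is not part of the original page: a per-client fixed-window limiter with a decision log, written in plain JavaScript rather than with express-rate-limit so it runs without dependencies. `createLimiter`, `check`, `suspicious`, `demo` and the sample traffic are hypothetical names and constructed data.

```javascript
// Added example (not from the original page): per-client fixed-window rate
// limiter with a decision log, the kind of guard that would run before the
// /api/proxy-endpoint handler. All names here are hypothetical.
function createLimiter({ windowMs, max, log = [] }) {
  const hits = new Map(); // clientId -> { windowStart, count }

  function check(clientId, now = Date.now()) {
    let entry = hits.get(clientId);
    // Start a fresh window on first sight or once the old window has expired.
    if (!entry || now - entry.windowStart >= windowMs) {
      entry = { windowStart: now, count: 0 };
      hits.set(clientId, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    const retryAfterMs = allowed ? 0 : entry.windowStart + windowMs - now;
    // Record every decision so blocked bursts can be reviewed later.
    log.push({ time: now, clientId, count: entry.count, allowed });
    return { allowed, remaining: Math.max(0, max - entry.count), retryAfterMs };
  }

  // Clients blocked at least `threshold` times: candidates for review.
  function suspicious(threshold) {
    const blocked = new Map();
    for (const rec of log) {
      if (!rec.allowed) blocked.set(rec.clientId, (blocked.get(rec.clientId) || 0) + 1);
    }
    return [...blocked].filter(([, n]) => n >= threshold).map(([id]) => id).sort();
  }

  return { check, suspicious, log };
}

// Constructed traffic: timestamps in ms, addresses from documentation ranges.
function demo() {
  const limiter = createLimiter({ windowMs: 60000, max: 3 });
  const results = [];
  for (let i = 0; i < 6; i++) results.push(limiter.check('203.0.113.7', 1000 + i * 100));
  results.push(limiter.check('198.51.100.4', 1500)); // other client, own budget
  results.push(limiter.check('203.0.113.7', 61000)); // window expired, allowed again
  return { results, flagged: limiter.suspicious(2), logSize: limiter.log.length };
}
```

In the Express route, `check(req.ip)` would run first and a blocked result would be answered with HTTP 429. A production limiter also needs to evict expired entries and, with several server instances, a shared store.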