I have a JavaScript file that I would like placed on my WP site. This JS file makes an API call to an external server. In my header sent to the API endpoint I send my API key:
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Accept", "application/json");
myHeaders.append("x-apikey", "XXXXXX");
Is there a place to hide my key somewhere on the WP site/configuration file yet make it available to my script?
If the key is needed by JavaScript, then no matter what you do, it will eventually end up in clear text on the client.
If an API key is supposed to be secret, then you’d proxy your requests through a server-side language like PHP rather than making them directly from the client using JavaScript.
If the key must be used via JavaScript, some providers have a way to limit the key to specific origins so someone cannot take it and use it on their own site. This is something you’d set up with the API provider.
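The server-side proxy suggested in the reply above, sketched as a small WordPress plugin. This is an added example, not code from the thread: the constant `MY_API_KEY`, the route `myproxy/v1/search`, the `query` field and the upstream URL are all assumed placeholders.

```php
<?php
/**
 * Plugin Name: API Key Proxy (added example)
 * Assumption: MY_API_KEY is defined in wp-config.php, e.g.
 *   define( 'MY_API_KEY', 'XXXXXX' );
 * The upstream URL and the "query" field are placeholders.
 */
const MYPROXY_UPSTREAM = 'https://api.example.com/v1/search'; // placeholder URL
add_action( 'rest_api_init', function () {
    register_rest_route( 'myproxy/v1', '/search', array(
        'methods'             => 'POST',
        'callback'            => 'myproxy_forward',
        // Public route: visitors are anonymous, so the handler below only
        // ever calls one fixed upstream URL with allow-listed fields.
        'permission_callback' => '__return_true',
        'args'                => array(
            'query' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

function myproxy_forward( WP_REST_Request $request ) {
    if ( ! defined( 'MY_API_KEY' ) ) {
        return new WP_Error( 'myproxy_no_key', 'API key not configured.', array( 'status' => 500 ) );
    }

    // The key is attached here, on the server; it never reaches the browser.
    $response = wp_remote_post( MYPROXY_UPSTREAM, array(
        'timeout' => 10,
        'headers' => array(
            'Content-Type' => 'application/json',
            'Accept'       => 'application/json',
            'x-apikey'     => MY_API_KEY,
        ),
        'body'    => wp_json_encode( array( 'query' => $request->get_param( 'query' ) ) ),
    ) );

    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'myproxy_upstream', 'Upstream request failed.', array( 'status' => 502 ) );
    }

    // Relay only the status code and decoded JSON body, not upstream headers.
    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    return new WP_REST_Response( $data, wp_remote_retrieve_response_code( $response ) );
}
```

The browser script then posts JSON to `/wp-json/myproxy/v1/search` on the same site and no longer sets the `x-apikey` header. Because the route is public, anyone can still spend the key's quota through it, so provider-side restrictions on the key remain worth configuring.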