chihab / dotenv-run

Seamlessly load environment variables. Supports cli, esbuild, rollup, vite, webpack, angular. ESM and Monorepos.

Do the `secret` keys get included in the final build? #57

Closed swami-sanapathi closed 1 year ago

chihab commented 1 year ago

If you set them as an environment variable and consume them in your application (via `process.env` or `import.meta.env`), yes.

Private keys should never be put in client (browser) code.

If the API has a public/private key pair mechanism, you can put the public one in the frontend code; the API SDK usually handles the authentication process (Stripe, as an example).

If the API only gives you a private key, you should not do your request from the frontend but have a backend that will basically serve as a proxy to the API using the private key.
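
A build-output check for the point made in the comment above, added here as an example that is not part of the thread or of dotenv-run's own code: it reports every `.env` value that appears in the built client files, so a private key that was inlined shows up before the bundle ships. The function names `parseEnv` and `findLeaks`, the `MIN_LEN` threshold and all sample keys and file contents are constructed assumptions.

```javascript
// Added example: flag .env values that appear verbatim in built client files.
// MIN_LEN and all sample data below are constructed for illustration.
const MIN_LEN = 8; // skip short values ("true", "3000") that match by chance

// Parse KEY=VALUE lines; ignores blanks and # comments, strips matching quotes.
function parseEnv(text) {
  const vars = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length > 1 && value.endsWith(q)) {
      value = value.slice(1, -1);
    }
    vars.set(m[1], value);
  }
  return vars;
}

// Returns [{ key, file }] for every env value found in a build artifact.
// `files` maps a file name to its text content (e.g. read from the build dir).
function findLeaks(envText, files) {
  const leaks = [];
  for (const [key, value] of parseEnv(envText)) {
    if (value.length < MIN_LEN) continue;
    // Bundlers inline values as string literals, so also try the escaped form.
    const escaped = JSON.stringify(value).slice(1, -1);
    for (const [file, content] of Object.entries(files)) {
      if (content.includes(value) || content.includes(escaped)) {
        leaks.push({ key, file });
      }
    }
  }
  return leaks;
}

// Constructed sample: one public key and one private key in the env file.
const sampleEnv = [
  "# constructed values",
  'API_PUBLIC_KEY="pub_constructed_value_1234"',
  "API_PRIVATE_KEY=priv_constructed_value_5678",
  "PORT=3000",
].join("\n");
const sampleFiles = {
  "main.js": 'const k="pub_constructed_value_1234";send({auth:"priv_constructed_value_5678"})',
  "vendor.js": "console.log(3000)",
};
console.log(findLeaks(sampleEnv, sampleFiles));
```

Any private key listed in the result has to move behind a backend; a public key appearing there is expected.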

swami-sanapathi commented 1 year ago

We do use private keys for encryption and decryption of payload/response that we have received from the server.