Closed hellno closed 2 months ago
@hellno @neynar/nodejs-sdk
should not be used from the frontend, because NEYNAR_API_KEY
will be bundled and shipped in the frontend code, thus leaking the key
We would recommend to have a server running node >= 19.9.0
and frontend should make a call to this server.
hm okay. not the best solution. most requests are unique feeds per user, so we're not benefitting from caching data on a server. so it'll mostly be additional request time from frontend <> server <> neynar API and back.
I assumed the Authorized Origins on the Neynar API side make it "not great, but okay" to leak the key in the frontend, similar to Alchemy RPC api keys.
@hellno Oh no. Authorized origins are used only for SIWN right now.
@hellno Closing this issue. Feel free to create a new one if needed
herocast (https://github.com/hero-org/herocast) relies on the nodejs-sdk in the frontend. we're doing a bunch of requests to get data for feeds and channels from the frontend using
NeynarAPIClient
.relevant commit: https://github.com/neynarxyz/nodejs-sdk/commit/292cf128d518d7b0fd865f5a678b243741cb1f53
error messages:
is there a recommended different way to make requests from frontend? is there a quick improvement we can make to exclude the node version check if a request is made from frontend?
thank you! :)