Any API must have it's caller with authorization bearer credentials decrypted outside of the scope of the client, and cannot be even sent the results of an encrypting/decrypting service (to protect the API user from theft).
If a private decryption method can hide the result from the public client caller (function), wouldn't a nice proposal be to have a new global fetch method that decrypts the Authorization headers of a W3C fetch request? This way we can have logic on the client (cloudflare edgeservice worker tokenize, no redirect nor digital ocean second POST needed, perhaps just GET from such a service hosting an API key to be held privately).
Example and pitfall:
Here, the service decrypts instead of the potential new (fetch) private caller (method), but cannot decryption of the Authorization header be called by a method that is private from the client AND the Network tab in Chrome devtools inspect, perhaps only when finally sending to HTTP (as I imagine the code, the data populating devtools happens within the block before return)?
Any API must have it's caller with authorization bearer credentials decrypted outside of the scope of the client, and cannot be even sent the results of an encrypting/decrypting service (to protect the API user from theft).
If a private decryption method can hide the result from the public client caller (function), wouldn't a nice proposal be to have a new
globalfetch method that decrypts the Authorization headers of a W3C fetch request? This way we can have logic on the client (cloudflare edge service worker tokenize, no redirect nor digital ocean secondPOSTneeded, perhaps justGETfrom such a service hosting an API key to be held privately).Example and pitfall:
Here, the service decrypts instead of the potential new (fetch) private caller (method), but cannot decryption of the Authorization header be called by a method that is private from the client AND the
Network tab in Chrome devtools inspect, perhaps only when finally sending to HTTP (as I imagine the code, the data populating devtools happens within the block beforereturn)?