Hi!
Developers will often store API keys and other sensitive information in .env files to avoid displaying them in their public repositories. I saw that in some of the Hitchhiker development guides that the API key is left directly in the code and not hidden. Is this there a risk in not hiding this API key?
Thanks!
Hi Melissa, thanks for the previous reply - out of interest, would it be at all possible to share best practice on this topic please? It’s really useful information. Many thanks, Sam
Hey Sam and Aaron,
Generally you shouldn’t store any API key in a git repo, however, since you can open the network tab and see the API key on every request anyway (our Answers API is public), leaving the API key exposed in your repo isn’t really a big deal.
If you are using an API key that has any sort of write or admin access, however, then I wouldn’t publish that in a repo.
Best,
Daniel
Thanks Daniel - The other alternative would be for a custom front-end deployment; not using the JS client-side, rather perhaps using the SDK server-side (node/express for example) referencing the API in a server-side script.