Hiding the Answers API Key

Hi!

Developers will often store API keys and other sensitive information in .env files to avoid displaying them in their public repositories. I saw that in some of the Hitchhiker development guides the API key is left directly in the code and not hidden. Is there a risk in not hiding this API key?

Thanks!

1 Like

Hi @Aaron_Pavlick - we are going to cover this topic in office hours tomorrow!

Best,
Melissa

Hi Melissa, thanks for the previous reply - out of interest, would it be at all possible to share best practice on this topic please? It’s really useful information. Many thanks, Sam

Hey Sam and Aaron,

Generally you shouldn’t store any API key in a git repo; however, since you can open the network tab and see the API key on every request anyway (our Answers API is public), leaving the API key exposed in your repo isn’t really a big deal.

If you are using an API key that has any sort of write or admin access, however, then I wouldn’t publish that in a repo.

Best,

Daniel

1 Like

Thanks Daniel - The other alternative would be for a custom front-end deployment; not using the JS client-side, rather perhaps using the SDK server-side (node/express for example) referencing the API in a server-side script.

1 Like
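
The server-side alternative mentioned in the last post, sketched as an added example; it is not code from this thread and does not use Yext's SDK. The upstream URL, the parameter names and the `ANSWERS_API_KEY` environment variable are placeholders chosen for illustration.

```javascript
// Added illustration; not Yext's SDK or API. The upstream URL, parameter
// names and env var name are placeholders (assumptions).
const UPSTREAM = "https://search-api.example.invalid/query";
const ALLOWED_PARAMS = ["input", "locale", "limit"];
const JSON_TYPE = { "Content-Type": "application/json" };

// Copy only allowlisted parameters, then set the key server-side, so a
// client-supplied api_key or unexpected parameter never reaches upstream.
function buildUpstreamUrl(clientQuery, apiKey) {
  const url = new URL(UPSTREAM);
  for (const name of ALLOWED_PARAMS) {
    const value = clientQuery.get(name);
    if (value !== null) url.searchParams.set(name, value.slice(0, 256));
  }
  url.searchParams.set("api_key", apiKey);
  return url;
}

// Returns a (req, res) handler usable with Node's http.createServer or as an
// Express route. fetchImpl is injectable so the handler can be tested offline.
function createSearchHandler({ apiKey, fetchImpl = globalThis.fetch }) {
  if (!apiKey) throw new Error("API key is not configured");
  const reply = (res, status, body) => {
    res.writeHead(status, JSON_TYPE);
    res.end(body);
  };
  return async function handler(req, res) {
    const clientQuery = new URL(req.url, "http://localhost").searchParams;
    if (!clientQuery.get("input")) {
      return reply(res, 400, JSON.stringify({ error: "missing input" }));
    }
    try {
      const upstream = await fetchImpl(buildUpstreamUrl(clientQuery, apiKey));
      if (!upstream.ok) throw new Error(`upstream status ${upstream.status}`);
      reply(res, 200, await upstream.text());
    } catch (err) {
      // Log server-side only; the URL (which carries the key) and upstream
      // error bodies are never echoed back to the browser.
      console.error("search proxy error:", err.message);
      reply(res, 502, JSON.stringify({ error: "upstream request failed" }));
    }
  };
}

// Wiring (key comes from the environment, e.g. loaded from an untracked .env):
//   const handler = createSearchHandler({ apiKey: process.env.ANSWERS_API_KEY });
//   require("http").createServer(handler).listen(3000);
```

With this layout the browser calls only the proxy route, so the key appears neither in the repository nor in the network tab.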