Hi,
Is there any method to encrypt the builder public key in builder. As far I know, if anyone know the builder public api key then he/she will be able to connect to the builder account
Regards,
Ankit Rastogi
Hello @Ankit,
The way we do it is pretty standard for content management systems. Having a public key visible in API requests on the client is standard, as well as being able to fetch content with that API key. That being said, if you want to lock everything down, you can choose to make all your models private. In that case, you would need to fetch all data from the server using a private API key. Here is a forum post that talks about how to do that
Hi Manish,
If I restrict my model then too I have to provide my private key in the Authorization header but when we go in the network tab of the browser then my private and public key both are visible. And you know there is limited bandwidth there and if anyone misused that api then he/she will fill the bandwith by continuously fetching the data in a loop. Please suggest anything that will resolve this issue.
Regards,
Ankit Rastogi
Hello @Ankit,
The suggestions to secure a Private key is
- Do this call from your back-end, and expose it to your front-end
- Add API HTTP referrer restrictions instead. Only requests from your domain make the call in (1)