Damien Walsh Damien Walsh - 10 days ago 4
Node.js Question

angular2 and secret keys

I have been learning angular 2 and have been doing research on how to protect data within my app.

How, if possible, can you obstruct data from the front end of the app? Is it possible to serve the angular app through a node server, say using Universal Angular, which would mean variable values can be hidden from the user on the front end.

I am essentially looking for the solution of hiding private keys which will give the app access to various APIs/creating auth headers/paths. I've read a solution is to have an API bridge for the app - so I would connect to that to retrieve the data/keys - but then how do I protect that from access? Since that endpoint would then be exposed and could be abused, or if getting keys the response is visible. The idea of locking down to domain I have read is unreliable due to spoofing and locking to IP wouldn't work as its front end or through an app?

I feel there is a glaringly obvious answer that I am missing, any advice and help would be very much appreciated.

Thanks,
Damien

Answer

It's simple, when the server sends the data as response to a request, then the data can be accessed from the outside. If you don't want that, then don't send the data.

You didn't mention what problem you actually try to solve. For API keys you can for example do the request to the API on the server and provide an API on your own server for your clients and then make the server forward the requests to the actual API server.

Comments