I am trying to hide my client-side API Secret/Key for my website using the CDN Zoom Web SDK as a base (It is currently not much different than the download). I would like to address hiding API Key/Secret as described in the sample CDN:
var API_KEY = "YOUR_API_KEY"; /** * NEVER PUT YOUR ACTUAL API SECRET IN CLIENT SIDE CODE, THIS IS JUST FOR QUICK PROTOTYPING * The below generateSignature should be done server side as not to expose your api secret in public * You can find an eaxmple in here: https://marketplace.zoom.us/docs/sdk/native-sdks/web/essential/signature */ var API_SECRET = "YOUR_API_SECRET";
What is the best way of achieving this?
I have heard of the .env/.gitignore method. Is this level of security enough?
I have also heard of creating a backend server (using NodeJS) to make calls. I am not sure how to achieve this. If this is the method to go with, any direction on how to achieve would be very much appreciated.