Is it fine to expose api key?

luke.choi · May 18, 2021, 5:43am

Description
First, my English is not so fluent. (Please understand it.)

I test zoom api for my service with pure html, nodejs backend.
like below image, i wrote code. (left image is html code, middle image is javascript code using in html, right image is backend code.)

i used the dotenv package to not expose my api key in nodejs backend code.
but in zoom.js (middle image), as for as I know, to join zoom meeting, client side needs to api key.
like middle image, is it okay to expose api key in js file? (it’s okay hide only api secret? )

Thank you.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Screenshots (If applicable)

Additional context
Add any other context about the problem here.

luke.choi · May 18, 2021, 9:49am

I solved it by config.js!

alexmayo · May 18, 2021, 11:29am

Hey @luke.choi,

Welcome to the community!

To answer your original question, yes it’s fine to expose your api key, providing that the secret is hidden.

Thanks,
Alex

MaxM · May 18, 2021, 11:32pm

Let us know if you have any questions @luke.choi.

Thanks,
Max

Topic		Replies	Views
Safe to use API Key in client side code? Web faq	2	570	November 27, 2021
How to hide API Key from ZOOM Web SDK Web	5	748	April 23, 2021
Zoom API key and secret required? API and Webhooks	6	1563	October 30, 2020
Hiding API Secret/Key - Question about using backend server/.env Web	12	1352	December 7, 2020
Storing Zoom secret key for a react web application? Web	2	393	November 1, 2020

Is it fine to expose api key?

Related topics