Is it fine to expose api key?

luke.choi · May 18, 2021, 5:43am

Description
First, my English is not so fluent. (Please understand it.)

I test zoom api for my service with pure html, nodejs backend.
like below image, i wrote code. (left image is html code, middle image is javascript code using in html, right image is backend code.)

i used the dotenv package to not expose my api key in nodejs backend code.
but in zoom.js (middle image), as for as I know, to join zoom meeting, client side needs to api key.
like middle image, is it okay to expose api key in js file? (it’s okay hide only api secret? )

Thank you.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Screenshots (If applicable)

Additional context
Add any other context about the problem here.

luke.choi · May 18, 2021, 9:49am

I solved it by config.js!

alexmayo · May 18, 2021, 11:29am

Hey @luke.choi,

Welcome to the community!

To answer your original question, yes it’s fine to expose your api key, providing that the secret is hidden.

Thanks,
Alex

MaxM · May 18, 2021, 11:32pm

Let us know if you have any questions @luke.choi.

Thanks,
Max

system · June 18, 2021, 9:33am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Safe to use API Key in client side code? Web faq	2	461	November 27, 2021
Zoom gov api key and secret not working, but regular zoom api and secret are working API and Webhooks	4	721	January 1, 2021
Zoom jwt authentication API and Webhooks	2	594	August 10, 2020
Request Meeting on API Security API and Webhooks	6	786	August 21, 2020
Invalid API or Secret API and Webhooks	2	584	August 21, 2020

Is it fine to expose api key?

Related Topics