What if you've learned how to post data to a CRM

via its API, written the little XHR to post data from a form and even managed to bypass the lack of CORS support but then you can’t use it because the API key is exposed when you send it as a required header for authorization. So you need to create a proxy on the server or something and submit the request from there instead of client-side except you don’t know how.

Can you put it on a floppy disk instead?

1 Like

All that effort just for a fucking CRM

@1101010 can you and your mates tell me how to keep the API key server-side

Alright, City High


I hate myself for understanding this.


On my fourth beer… Er don’t you just stick it in the code of your client?

Carly Rae Mepsen

1 Like

Sounds to me like the API should be served over HTTPS (with TLS 1.2 or later). That way, your API key will be encrypted as part of the whole HTTP packet instead of in plaintext.

The API key is literally just there in the JS

I saw this myself but it became too complicated too quickly

These are my initials actually so seemed weird to me at first.

No idea what a CRM is anyway

Well, that’s dumb!

store it in a variable called “notAnApiKey”, should do the trick

1 Like

Incidentally, you’re right, your only option is to use a proxy service that stores your API key. Not sure about *nix alternatives, but something like Paros Proxy would probably do the job.

1 Like