How to securely handle Memberstack's public API key in a React app without exposing it to clients? Answered

Post author
Edgar

Hi! Testing out Memberstack React API. So far, so good; however, I have a security concern when passing the public key as props in the Memberstack Provider component. The API key will be revealed on the client side when the React app is deployed. That poses a security problem.

One solution I was thinking of was to create a server in which we fetch the key from an endpoint; however, it's still at risk of being found if someone accesses the endpoint URL (like using the network tab in Chrome). What's a good way to hide the public key?

Comments

3 comments

  • Comment author
    Duncan from Memberstack

    Hey Edgar 👋

    I've contacted the team about this and will let you know once I hear back 👍

    1
  • Comment author
    Duncan from Memberstack

    Hi Edgar, great question!

    I need Tyler's confirmation on this, but the public key represents which Memberstack customer you are (so that we know which directory to check your users against). This is not confidential information, so there is no problem that this information can be seen.

    1
  • Comment author
    Edgar

    Hi Duncan from Memberstack, thanks! Appreciate the time and effort in answering this concern. Hope you have a great day!

    1
