Secure Ninox API calls
Hi,
I've just started looking into the Fetch API to make calls to the Ninox server from the Ninox client side (web app). I'm a bit worried about exposing the Ninox API Key this way.
Can anyone with experience tell us the best way to do this safely?
I saw in this post that you mentioned something about an external script. Could you tell us a bit more about this external script? Could you tell us how you put this script into practice?
Thank you all.
6 replies
-
Essentially you route the request to the ninox api through a script that you install on some machine you control. e.g. if you have a webspace, you would put a php script there, that you call from your nxscript code. in the php script you request the data from the ninox api. after receiving data, the php script returns this data to the nxscript's call.
since the php script's code is set to be unreadable (you must make sure of that), the api key is hidden from any attacker. unless of course, the php script or the machine it's installed on, gets hacked.
you can ask bolt.new or copilot to write the php script for you. but remember to double check what they give you. also, don't forward all requests to the ninox api through the php script unchecked. otherwise you expose too much data to the internet or you might get DOS'ed.
Content aside
- 2 mths agoLast active
- 6Replies
- 79Views
-
2
Following