Hiding sensitive data during an API request #28284
-
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 4 replies
-
@alanakra instead of directly sending out sensitive data (API token) in frontend, you might consider using the api routes functionality of Nextjs? Nextjs App (frontend) API (Vercel Serverless Functions) By doing so, the sensitive data will not be exposed in browser as all the actual send form data to trello API logic is done within the API endpoint you created in the pages/api/ folder. |
Beta Was this translation helpful? Give feedback.
-
Hello, ended up encrypting and decrypting the data on the FE and BE, that
seems to work for now
…On Thu, 16 May 2024 at 10:52 PM, Afaq Ahmed Khan ***@***.***> wrote:
@elouisramsey <https://github.com/elouisramsey> were you able to achieve
this?
—
Reply to this email directly, view it on GitHub
<#28284 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AM6R57OOHKMSPF2BMU3C7MDZCUTAPAVCNFSM5CNYXH62U5DIOJSWCZC7NNSXTOKENFZWG5LTONUW63SDN5WW2ZLOOQ5TSNBWGMYTCOI>
.
You are receiving this because you were mentioned.Message ID: <vercel/next
.***@***.***>
|
Beta Was this translation helpful? Give feedback.
@alanakra instead of directly sending out sensitive data (API token) in frontend, you might consider using the api routes functionality of Nextjs?
Nextjs App (frontend)
Sends a POST request to an api route you created, which includes the form data.
API (Vercel Serverless Functions)
Retrieve the form data, send a POST request to the trello API and write that form data to Trello. Sensitive data is store in env which only exposes to this API.
By doing so, the sensitive data will not be exposed in browser as all the actual send form data to trello API logic is done within the API endpoint you created in the pages/api/ folder.