Hiding sensitive data during an API request #28284

alanakra · 2021-08-19T09:07:56Z

alanakra
Aug 19, 2021

I'm currently working on a form with Next.js whose data is sent to a Trello board via the latter's API.

This one works well, I have my data sent and I have a response, however I use an API key and a token that even stored on a .env file are visible on the HTTP headers which poses a security problem.

The other concern is that I am using Vercel for hosting which is serverless and cannot send information. So I wanted to know if you know of a cloud service that can handle this.

Hiding sensitive data during an API request from a serverless app

Update the question so it can be answered with facts and citations. This will help others answer the question. You can edit the question or post a new one.

Answered by logantai24

Aug 20, 2021

@alanakra instead of directly sending out sensitive data (API token) in frontend, you might consider using the api routes functionality of Nextjs?

Nextjs App (frontend)
Sends a POST request to an api route you created, which includes the form data.

API (Vercel Serverless Functions)
Retrieve the form data, send a POST request to the trello API and write that form data to Trello. Sensitive data is store in env which only exposes to this API.

By doing so, the sensitive data will not be exposed in browser as all the actual send form data to trello API logic is done within the API endpoint you created in the pages/api/ folder.

View full answer

logantai24 · 2021-08-20T12:15:53Z

logantai24
Aug 20, 2021

@alanakra instead of directly sending out sensitive data (API token) in frontend, you might consider using the api routes functionality of Nextjs?

Nextjs App (frontend)
Sends a POST request to an api route you created, which includes the form data.

API (Vercel Serverless Functions)
Retrieve the form data, send a POST request to the trello API and write that form data to Trello. Sensitive data is store in env which only exposes to this API.

By doing so, the sensitive data will not be exposed in browser as all the actual send form data to trello API logic is done within the API endpoint you created in the pages/api/ folder.

4 replies

alanakra Aug 20, 2021
Author

I'll try this way. Thanks

elouisramsey Jan 12, 2023

@alanakra were you able to achieve this?

alanakra Jan 12, 2023
Author

@elouisramsey Hello,
This was a project during my end of study internship in a company. I was able to do it, but I don't have access to the source code anymore.

afaqahmedkhan May 16, 2024

@elouisramsey were you able to achieve this?

elouisramsey · 2024-05-16T22:03:12Z

elouisramsey
May 16, 2024

Hello, ended up encrypting and decrypting the data on the FE and BE, that seems to work for now

…

On Thu, 16 May 2024 at 10:52 PM, Afaq Ahmed Khan ***@***.***> wrote: @elouisramsey <https://github.com/elouisramsey> were you able to achieve this? — Reply to this email directly, view it on GitHub <#28284 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AM6R57OOHKMSPF2BMU3C7MDZCUTAPAVCNFSM5CNYXH62U5DIOJSWCZC7NNSXTOKENFZWG5LTONUW63SDN5WW2ZLOOQ5TSNBWGMYTCOI> . You are receiving this because you were mentioned.Message ID: <vercel/next .***@***.***>

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hiding sensitive data during an API request #28284

{{title}}

Replies: 2 comments 4 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Hiding sensitive data during an API request #28284

alanakra Aug 19, 2021

Replies: 2 comments · 4 replies

logantai24 Aug 20, 2021

alanakra Aug 20, 2021 Author

elouisramsey Jan 12, 2023

alanakra Jan 12, 2023 Author

afaqahmedkhan May 16, 2024

elouisramsey May 16, 2024

alanakra
Aug 19, 2021

Replies: 2 comments 4 replies

logantai24
Aug 20, 2021

alanakra Aug 20, 2021
Author

alanakra Jan 12, 2023
Author

elouisramsey
May 16, 2024