InvisibleJim
Expert Member
- Joined
- Mar 9, 2011
- Messages
- 1,238
I think you misunderstand. Using client side javascript to make a rest request exposes where the source of the data is. I have seen n00bs who have exposed their entire website content sources including api keys using ajax, and didn't even know that the keys to the kingdom are just outside the door.
I've been struggling to understand how Jamstack sites deal with this - say a Gatsby site hosted in AWS or Azure storage in particular. If I recall, specialised services like Netlify have specific functionality to keep secrets secret this but I'm not getting how the keys should generally be secured when using normal cloud storage.