weixin_33698043 2018-11-06 13:31 采纳率: 0%
浏览 353


I created a Restful API, a website (ReactJS/Ruby on Rails), and a mobile app(React Native).

I am using the API to show and process data on the website and the mobile app.

In the website, I am using jQuery AJAX requests that somehow looks like this:

...some other code
componentDidMount () {
  $.getJSON('https://example.com/api/v1/accounts?key=MASTER-API-KEY', (data) => {
      accounts: data.accounts
...some other code

In the mobile app, I am using fetch that somehow looks like this:

...some other code
fetch('https://example.com/api/v1/accounts?key=MASTER-API-KEY', {
  method: 'GET',
...some other code

The users also have their own API keys with limited privilege based on their user level.

I already have the validation to process the request if only they have sent a valid API key. But on the website and the app, I am using a master API key that has access to all.

I believe that this can be seen in the source file on the website and it can be reverse engineered in the mobile app.

The possible solution that I have for the website is to make the process in the server instead of using AJAX, but how can I access it on my ReactJS components?

For the mobile app, should I switch to using Swift/Java and make the request there instead of fetch?

  • 写回答

3条回答 默认 最新

  • weixin_33716941 2018-11-06 13:43

    This should work if you are developing on node (as i guess you are):

    using process.env by hackernoon




  • ¥15 我需要全国每个城市的最新小区名字等数据。
  • ¥15 开发一个小区生态的小程序
  • ¥15 MddBootstrapInitialize2失败
  • ¥15 LCD Flicker
  • ¥15 Spring MVC项目,访问不到相应的控制器方法
  • ¥15 esp32在micropython环境下使用ssl/tls连接mqtt服务器出现以下报错Connected on发生意外错误: 5无法连接到 MQTT 代理,如何解决?
  • ¥15 关于#genesiscsheel#的问题,如何解决?
  • ¥15 Android aidl for hal
  • ¥15 STM32CubeIDE下载程序报错
  • ¥15 微信好友如何转变为会员系统?(相关搜索:小程序)