I'm trying to hide my api key, so it is no accessible for quota reasons. The api just retrieves data that is recipes, so no credit card details etc is going on.
Ive been working on this for the past few days all day/night since Im pretty new to php, but it seemed stackoverflow in general was saying there needs to be some sort of proxy. This is what I created and I would like to know if it is secure enough.
App.js
// I make an axios post request to script.php, passing along a 'searchfield' value. Lets say its "apples"
script.php
// receives the 'searchfield' value, then initiates a curl request to the api with my keycode/searchfield etc.
// This returns the response for apples which is an array of objects back to App.js
my script.php looks along the lines of this, anything Im missing?
$ch = curl_init();
$url = 'https://fake.com?api_key=1234';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL,$url);
$result=curl_exec($ch);
curl_close($ch);