This repository was archived by the owner on Nov 19, 2023. It is now read-only.

⚠️ SECURITY ISSUE: Hide the RapidAPI key #10

@MatheusRoichman

⚠️ HIGH PRIORITY ISSUE

The problem

The RapidAPI key is exposed in the code, which means that anyone can take it and make a large number of requests, surpassing the free plan limit and causing financial problems for the owner of the key.

The solution

In development (local): create an environment variable (e.g., RAPID_API_KEY), and assign your RapidAPI key as its value. Make sure the .env file is listed in .gitignore so the key doesn't get exposed in the public repository. Learn more about environment variables in React in this article.
In production (Netlify): create an environment variable (learn more in the Netlify documentation) with the same name and value as the local environment variable.

Observations

This is not the ideal solution, because the key will still be present in the request and anyone will be able to see it in the DevTools network tab. The ideal solution would be to create a backend to access the API with that key. But at least the provided solution is a best practice and removes your key from GitHub.

Contact

E-mail: roichmankill@gmail.com
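
The backend approach that the Observations section calls ideal, as an added example (not part of the original issue or the project's code): a Netlify-style function reads RAPID_API_KEY from the server environment and adds it to the upstream request, so the key never reaches the browser. The host name, the endpoint allowlist and the `endpoint` query parameter are hypothetical placeholders.

```javascript
// Added example: a Netlify-style function that keeps the RapidAPI key server-side.
// RAPID_API_HOST and ALLOWED_PATHS are hypothetical; use the API the app really calls.
const RAPID_API_HOST = "example-api.p.rapidapi.com"; // placeholder host
const ALLOWED_PATHS = new Set(["/search", "/details"]); // placeholder endpoints

// Build the upstream request. Only allowlisted paths are forwarded, so the
// function cannot be used as a general-purpose relay that spends the key's quota.
function buildUpstreamRequest(path, query, env) {
  const key = env.RAPID_API_KEY;
  if (!key) throw new Error("RAPID_API_KEY is not set"); // fail closed
  if (!ALLOWED_PATHS.has(path)) return null;
  const url = new URL(path, `https://${RAPID_API_HOST}`);
  for (const [name, value] of Object.entries(query || {})) {
    url.searchParams.set(name, String(value));
  }
  return {
    url: url.toString(),
    headers: { "X-RapidAPI-Key": key, "X-RapidAPI-Host": RAPID_API_HOST },
  };
}

// Function entry point: the browser calls this instead of calling RapidAPI.
// fetchImpl is injectable so the handler can be exercised without network access.
async function handler(event, context, fetchImpl = globalThis.fetch) {
  if (event.httpMethod !== "GET") {
    return { statusCode: 405, body: "Method Not Allowed" };
  }
  // "endpoint" selects the upstream path; the remaining parameters pass through.
  const { endpoint, ...query } = event.queryStringParameters || {};
  const upstream = buildUpstreamRequest(endpoint, query, process.env);
  if (!upstream) return { statusCode: 400, body: "Unknown endpoint" };
  const res = await fetchImpl(upstream.url, { headers: upstream.headers });
  // Return only status and body; upstream headers are not echoed to the client.
  return { statusCode: res.status, body: await res.text() };
}

// Export for the function runtime when a CommonJS module object is available.
if (typeof module !== "undefined") module.exports = { handler };
```

The key in the repository history stays usable until it is rotated in the RapidAPI dashboard, so moving it server-side only protects the replacement key.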
