I'm using JekyllCMS to develop a Content Management System (CMS), but as I do not know it very well and even after reading the documentation, I find it hard to "hide" some of the data I use in JavaScript . There are two cases:% of the Graph API and key of the < a href="https://mandrillapp.com/"> Mandrill . I use these two keys in my code to acquire feed from a particular Facebook page and redirect e-mails to a particular mailbox. How can I deprive the end user of access to these keys ?
How to do script access control with JekyllCMS
2
asked by anonymous 11.03.2014 / 07:53
1 answer
1
Hello, it's okay to make your APIKey available on the internet, Maindrill and Facebook you have the options of linking your APIKey to a domain or IP, ie that APIkey will only be used if the calls are from your allowed IP .
In Maindrill you will have the option: Only Allow The Key To Work From Certain IP Addresses and you will be able to use more generic, however, limited ones and you can use them from anywhere with the option: Only Allow This Key To Use Certain API Calls .
The same thing is repeated for Facebook .. You may have a list of domains / subdomains that will be allowed to make these calls.
It's important to understand that the APIKey concept is different from the secret key concept, I hope I've clarified your question.
11.03.2014 / 11:48