Geolocation client side requests: Key and ID storage

Question

I'm developing a small web-app to help users manage shopping lists.
One of the required features is the ability of the application to notify the user if a shop of the same category is near him/her.
To do so I'm using Foursquare API.

Said API needs a KEY and CLIENT_ID to make the request.
Requests are made by the client via some javascript.

Should I have the KEY and CLIENT_ID in the client-side javascript or should the script use my web-app as a proxy for requests?

If the former is the better approach how can I safely save the KEY and CLIENT_ID in the client-side script?

score 1 · Accepted Answer · answered Jan 26 '19 at 20:02

1

You cannot safely store the secrets in clientside Javascript. Hence you need to go with option 2: proxy via the server.

answered Jan 26 '19 at 20:02

marstato

4,538
2
15
30

Geolocation client side requests: Key and ID storage

1 Answers1