How to secure the JavaScript API Access Token?

by

Restrict Access with CORS

Make your web server return the access tokens on an ajax request from you javascript with CORS setup. Token can be captured with this method visiting your app.

Provide Tokens to Authorized Users

You can also add authentication on your webserver to provide limited access to the users you allow. Token can be captured with this method but only by authorized users.

Proxy Requests

The only way to completely protect that token is to proxy the requests through your server. Token cannot be captured with this method. Note that this may be against terms of service.

More Related Contents:

  1. Can we protect against SQL-injection by writing Javascript code correctly? how? [closed]
  2. Why does Google prepend while(1); to their JSON responses?
  3. AngularJS changes URLs to “unsafe:” in extension page
  4. How to prevent your JavaScript code from being stolen, copied, and viewed? [closed]
  5. How to reference static assets within vue javascript
  6. Leaflet drawing tiles disjointly
  7. Is JSON Hijacking still an issue in modern browsers?
  8. How to fix error “Failed to compile : ./node_modules/@react-leaflet/core/esm/path.js 10:41 Module parse failed: Unexpected token (10:41)”
  9. Why do people put code like “throw 1; ” and “for(;;);” in front of json responses? [duplicate]
  10. Leaflet- marker click event works fine but methods of the class are undefined in the callback function
  11. What good ways are there to prevent cheating in JavaScript multiplayer games?
  12. Is Javascript eval() so dangerous? [duplicate]
  13. how to make sure only my own website (clientside code) can talk to Firebase backend?
  14. What are the AES parameters used and steps performed internally by crypto-js while encrypting a message with a password?
  15. How to display Leaflet markers near the 180° meridian?
  16. Is there a way to use leaflet.heat in react?
  17. How to prevent direct access to my JSON service?
  18. Security Issues for allowing users to add own JavaScript to your site?
  19. Fix the upstream dependency conflict installing NPM packages
  20. Leaflet marker event fires at wrong time
  21. Why does Google prepend while(1); to their JSON responses?
  22. Click link inside Leaflet Popup and do Javascript
  23. Alternatives to JavaScript eval() for parsing JSON
  24. Disable drop paste in HTML input fields? [duplicate]
  25. How to send secure AJAX requests with PHP and jQuery
  26. Exploiting JavaScript’s eval() method
  27. Why is “javascript:” pseudo-protocol stripped from URL bar when pasted?
  28. Adding X-CSRF-Token header globally to all instances of XMLHttpRequest();
  29. Get height of iframe with external URL
  30. How to get a leaflet map canvas to have a 100% height?

Leave a Comment