Next.js Discord

Discord Forum

is this safe

Answered
Japanese flying squid posted this in #help-forum
Japanese flying squid (OP)
Is it safe to use the Coinbase API token in the component like this?

import { cookies } from "next/headers";
import { redirect } from "next/navigation";
// coinbase, Button, existingCart and items come from parts of the file that are not shown in the post.

export default async function Home() {
  const cookiesInstance = await cookies();

  const cartCookie = cookiesInstance.get("cart");

  if (!cartCookie) return redirect("/cart");

  return (
    <Button
      onPress={async () => {
        "use server"; // marks this inline function as a Server Action

        coinbase.Client.init(process.env.COINBASE_API!); // token (the line being asked about)

        const charge = await coinbase.resources.Charge.create({
          name: "order",
          description: "a new order",
          pricing_type: "fixed_price",
          local_price: {
            amount: existingCart.price.toString(),
            currency: "USD",
          },
          metadata: {
            items: items,
          },
        });

        redirect(charge.hosted_url);
      }}
      fullWidth
      color="primary"
    >
      Checkout
    </Button>
  );
}
Answered by Arinji
The second you did "use server", that's on your server

13 Replies

Avatar
Completely safe
It's as safe as something can be
Avatar
The second you did "use server", that's on your server
Answer
Avatar
@Japanese flying squid
If you ever do feel something might be exposed, just console.log it
If you see it logging in the browser, that means it's accessible on the client
If you see it logged in the terminal, it's in the server
Avatar
Japanese flying squid (OP)
alr ty
Avatar
@Japanese flying squid alr ty
Avatar
Mark an answer if it helped
Avatar
@Arinji The second you did "use server", that's on your server
Avatar
Australian Freshwater Crocodile
Yea exactly, you don’t pass the function down to the client per se, under the hood it becomes a sort of reference ID that identifies that resource in the server
Avatar
Yess
Essentially it created an api route
With some extra nextjs goodies