protect my backend with a key
Answered
Scaly-naped Pigeon posted this in #help-forum
Scaly-naped PigeonOP
I want my Next.js app to be the only one that can call my backend API, so I added this key inside the header and it's working fine, but when I inspect the Network tab in Chrome the key is exposed. How can I hide that key header, or is there another way of doing this?
fetch(url, {
  headers: {
    'backend-key': 'my-key'
  }
})
Answered by B33fb0n3
Take a look in your network tab: (see attached). Here you have response headers and request headers. Check if the key is inside the response headers somewhere. When it's only in the request headers, then it's fine 👍
12 Replies
@Scaly-naped Pigeon I want my Next.js app to be the only one that can call my backend API, so I added this key inside the header and it's working fine, but when I inspect the Network tab in Chrome the key is exposed. How can I hide that key header, or is there another way of doing this?
`fetch(url, {
  headers: {
    'backend-key': 'my-key'
  }
})`
When it's just in the request headers, then don't worry about it. It's just a normal client-side request and can't be read by others when using SSL. If it's inside the response headers... then we can talk about it then. Let's check that first.
Scaly-naped PigeonOP
So it's exposed because I am using development localhost, but when I go to production it will be encrypted?
I have a Node.js app separate from Next.js. I made a header check to read that key, and if it's wrong then it sends a 403 error, but when I call my API I can see the key in every response that I am calling in the browser.
@Scaly-naped Pigeon So it's exposed because I am using development localhost, but when I go to production it will be encrypted?
Take a look in your network tab: (see attached). Here you have response headers and request headers. Check if the key is inside the response headers somewhere. When it's only in the request headers, then it's fine 👍
Answer
The important part is where this key is: request headers or response headers.
Scaly-naped PigeonOP
It's inside the request headers.
So if I upload my app to production with SSL, it will be encrypted, right?
@Scaly-naped Pigeon So if I upload my app to production with SSL, it will be encrypted, right?
Yes, then it’s absolutely fine 👍
Scaly-naped PigeonOP
This is great to hear, thank you so much 🙏
That’s not the solution. I marked the correct one. You don’t need to do anything else
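The "another way" the question asks about, as an added example that is not code from the thread: the Next.js server reads the key from its environment and attaches it when it forwards the call, so the key is never part of the code or requests the browser handles, and the Node backend compares the header in constant time and answers 403 on a mismatch, as the OP describes. The names `BACKEND_KEY`, `buildBackendRequest`, `checkBackendKey` and the sample URL are assumptions.

```javascript
// Added example; function names, env variable name and sample values are
// assumptions, not taken from the thread.
const crypto = require('node:crypto');

const HEADER = 'backend-key'; // header name used in the thread

// Next.js server side (route handler or server action): build the outgoing
// request. The key comes from the server's environment, so it is not in the
// JavaScript bundle and not in the browser's Network tab.
function buildBackendRequest(url, env = process.env) {
  const key = env.BACKEND_KEY; // hypothetical variable name
  if (!key) throw new Error('BACKEND_KEY is not set');
  return { url, options: { headers: { [HEADER]: key } } };
}

// Node backend: return the HTTP status for a request's headers
// (Node lower-cases incoming header names).
function checkBackendKey(headers, expectedKey) {
  if (!expectedKey) throw new Error('expected key is not configured');
  const presented = headers[HEADER];
  if (typeof presented !== 'string' || presented.length === 0) return 403;
  // Hash both values so timingSafeEqual always gets equal-length buffers.
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(presented), digest(expectedKey)) ? 200 : 403;
}

// Constructed sample values for a stand-alone run.
const sampleEnv = { BACKEND_KEY: 'constructed-sample-key' };
const sample = buildBackendRequest('https://backend.example/api/items', sampleEnv);
console.log(checkBackendKey(sample.options.headers, sampleEnv.BACKEND_KEY));
console.log(checkBackendKey({ 'backend-key': 'wrong' }, sampleEnv.BACKEND_KEY));
console.log(checkBackendKey({}, sampleEnv.BACKEND_KEY));
```

In a real route handler the returned `url` and `options` would be passed to `fetch` on the server, and the browser would call the Next.js route instead of the backend directly.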