I am designing an application which uses an API key provided to me by a company.
In order for me to make my application public, I need to hide the API key in my released product, because currently it is sitting in JS code and visible to all users.
My app basically provides real-time statistics, and is completely functional, but only at the JS level.
From my understanding, in order to hide my key, I need to do the following:
Client uses web app --> AJAX call to MY server --> Gets my API key --> AJAX call to company's server --> Return only the object from the company's server to the client web-page.
I have written PHP, JS, SQL, and HTML before so I'm FAMILIAR with the languages, but this chain of events seems a bit over my head.
Usually I buy books to understand this type of thing but it seems like a pretty specific example that some of you guys would be able to help me with.
Can anyone explain how this might be done, using layman's terms? I'm not completely stupid, but my biggest roadblocks here are the following two concepts:
- How can you AJAX call to a PHP page, and tell it to make another AJAX call to an external server?
- How do you execute that second AJAX call? Is it just another (hidden) js file?
The stats are provided in real time, so you type a name in, and it generates a graph on the page within less than a second. I want to keep it like this and not have the user refresh the page.
Thanks so much. Let me know if you need any more information from me.
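
The flow described in the question (browser calls your server, your server calls the company's server), sketched as an added example that is not part of the original post. The upstream URL, the `X-Api-Key` header, the `name` parameter and the `STATS_API_KEY` environment variable are assumptions standing in for the company's real API.

```php
<?php
// stats-proxy.php (added example): the page's JS calls this script, and only
// this script ever holds the API key. URL, header and parameter are hypothetical.
declare(strict_types=1);
const UPSTREAM_URL = 'https://api.example.com/v1/stats'; // fixed host, never user-supplied

// Accept only a short, plain name; anything else (arrays included) is rejected.
function clean_name($raw): ?string
{
    if (!is_string($raw)) { return null; }
    $name = trim($raw);
    return preg_match('/^[A-Za-z0-9 _.-]{1,32}$/', $name) === 1 ? $name : null;
}

// The "second call": a server-to-server HTTP request made by PHP (cURL), not by JS.
function fetch_stats(string $name, string $apiKey): array
{
    $ch = curl_init(UPSTREAM_URL . '?' . http_build_query(['name' => $name]));
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['X-Api-Key: ' . $apiKey], // hypothetical header name
        CURLOPT_CONNECTTIMEOUT => 2,
        CURLOPT_TIMEOUT        => 5,     // keeps the page responsive if upstream stalls
        CURLOPT_FOLLOWLOCATION => false, // never forward the key to a redirect target
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return [$status, $body === false ? null : $body];
}

function respond(int $code, string $json): void
{
    http_response_code($code);
    header('Content-Type: application/json');
    header('Cache-Control: no-store');
    echo $json;
}

$name   = clean_name($_GET['name'] ?? null);
$apiKey = getenv('STATS_API_KEY'); // key lives in server configuration, not in code or JS
if ($name === null) {
    respond(400, '{"error":"invalid name"}');
} elseif ($apiKey === false || $apiKey === '') {
    respond(500, '{"error":"server not configured"}');
} else {
    [$status, $body] = fetch_stats($name, $apiKey);
    // Pass through only a valid upstream object; upstream errors are not relayed.
    $ok = $status === 200 && $body !== null && json_decode($body) !== null;
    respond($ok ? 200 : 502, $ok ? $body : '{"error":"upstream unavailable"}');
}
```

The page's existing JS then requests `/stats-proxy.php?name=...` (with the name passed through `encodeURIComponent`) instead of the company's URL, so the graph still updates without a page refresh. The proxy endpoint is itself public, so anyone can spend the key's quota through it unless it is rate-limited or restricted to authenticated users.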