0

I have a very basic single page portfolio site that I want to add an API.AI chatbot to. But I don't know how to secure the client access token associated with the agent I created through API.AI.

If this were a Node app, I'd just store it in an environment variable and access it with process.env. But it's just a basic JS front-end. I know I could technically set up an API key proxy server to process those requests through, but that seems like such overkill.

Can I secure sensitive access tokens without a server-side framework, or do I have no choice but to convert this project into a Node app?

Phaedrus Raznikov
  • 53
  • 1
  • 8
  • Normally with API keys, there is no real way to secure them from your side. What most services offer however is the ability to limit that key to a certain address, for example, look at [this question](http://stackoverflow.com/questions/39625587/how-do-i-securely-use-google-api-keys) on securing a google API key, I'm assuming this key would be similar. – George May 16 '17 at 07:15
  • Thanks @George, I ended up converting it to a Node application. – Phaedrus Raznikov May 20 '17 at 20:09

0 Answers0