var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://urlexampleapi.com",
  "method": "GET",
  "headers": {
    "Content-Type": "application/json; charset=utf-8",
    "Accept": "application/json",
    "appKey": "mykeyhere",
    "appToken": "mytokenhere"
  }
}

$.ajax(settings).done(function (response) {
  console.log(response);
});

Hi everyone, I want to make this request to a certain API, but I know that it is insecure to pass my credentials in the header. What would be the best practice to apply in this case? Any suggestions would be appreciated.

Thanks!

gaby1990
  • It is insecure to use `http:`, period. Other than that, it depends on your threat model. For example, do you mind exposing your API key to the world? – SLaks Jan 24 '18 at 18:30
  • My guess is the API probably isn't even CORS enabled so that you don't go exposing your credentials in a browser. Use a proxy on a server you control to make the request and keep your credentials out of public view – charlietfl Jan 24 '18 at 18:32
  • Sorry I forgot to put the s on the url. – gaby1990 Jan 24 '18 at 18:49
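
The proxy approach suggested in the comments above, as an added example (not code from the original thread): a minimal Node.js 18+ server that reads `appKey`/`appToken` from environment variables and attaches them server-side. The `/api/items` route, the `APP_KEY`/`APP_TOKEN` variable names, the path mapping and the port are assumptions.

```javascript
// Added example: a server-side proxy so appKey/appToken never reach the browser.
const UPSTREAM = "https://urlexampleapi.com";   // placeholder URL from the question
const ALLOWED_PATHS = new Set(["/api/items"]);  // hypothetical allow-list of routes

// Map a browser request to the upstream call; returns null when it must be refused.
function buildUpstreamRequest(method, path, env) {
  // Parse against a dummy base so only pathname and query are ever reused.
  const url = new URL(path, "http://localhost");
  if (method !== "GET" || !ALLOWED_PATHS.has(url.pathname)) return null;
  if (!env.APP_KEY || !env.APP_TOKEN) throw new Error("credentials not configured");
  return {
    // The host is fixed to UPSTREAM; the client cannot redirect the credentials.
    url: UPSTREAM + url.pathname.replace(/^\/api/, "") + url.search,
    headers: {
      Accept: "application/json",
      appKey: env.APP_KEY,       // assumed env var names; injected server-side only
      appToken: env.APP_TOKEN,
    },
  };
}

async function handle(req, res) {
  try {
    const upstream = buildUpstreamRequest(req.method, req.url, process.env);
    if (!upstream) return void res.writeHead(404).end();
    const r = await fetch(upstream.url, { headers: upstream.headers });
    res.writeHead(r.status, { "Content-Type": "application/json; charset=utf-8" });
    res.end(await r.text());
  } catch (err) {
    // Generic error only: never echo headers or upstream details to the client.
    if (!res.headersSent) res.writeHead(502);
    res.end();
  }
}

async function startProxy(port) {
  const http = await import("node:http"); // dynamic import works in CJS and ESM
  return http.createServer(handle).listen(port, "127.0.0.1");
}

// Start with: node proxy.js --serve  (the file name is an assumption)
if (process.argv.includes("--serve")) startProxy(3000);
```

The browser then requests `/api/items` from your own origin with no `appKey`/`appToken` headers. The proxy still needs your own session authentication and rate limiting in front of it, otherwise anyone who can reach it can spend your key.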

1 Answer


You can prefer using https, and other approaches are mentioned in the following question:

how-to-send-password-securely-over-http

RaM PrabU