1

I am making calls to the Pipedrive API with axios in my React app like this:

axios.post('https://api.pipedrive.com/v1/deals?api_token=123thisissometesttokenblablabla456', {
    name: "test",
    id: 1,
}).then((response) => {
    console.log(response);
}).catch((error) => {
    console.log(error);
});

Since this is a frontend application this practice makes the api_token=123thisissometesttokenblablabla456 public to anyone looking at the source code with some browser developer tools for example, thus giving them complete access to my data in Pipedrive.

Is there any way to safely use the API token in a frontend application / without the need to set up my own backend?

I wish Pipedrive would let me configure from which domains it allows calls to the API, unfortunately that's not possible.

Dawesign

1 Answer

3

Unfortunately, there is no safe way to do this in your circumstances other than setting up a backend service and storing it there as you mentioned.

Even if you could store the value securely, the issue you face is anyone would still be able to view the network activity happening on your website to obtain the token.

Nitsew
  • Thanks for your answer! Alright, then that's what I'm going to do. Could you point me in the right direction on how to set such a backend up with Ruby on Rails? I have implemented some basic authentication functionality with it in the past but I guess if there is some article for example guiding me how to achieve what I have described in my question in the slimmest way possible, that would help me a great deal. – Dawesign Oct 15 '20 at 22:33
  • 1
    @Pixell I don't have a specific article or reference on hand for your exact use case despite having RoR experience. Honestly, if you just need a backend to keep this token secure, I think RoR is overkill. You could program this out using Node.js in a fraction of the time and it will be lighter than standing up a RoR project. This article seemed interesting: https://www.twilio.com/blog/node-js-proxy-server I would do some googling for "How to build a Proxy server with Node.js". There are several articles and videos covering how to achieve this. Good luck! – Nitsew Oct 15 '20 at 23:31
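
The backend approach from the answer and comments above, as an added example that is not part of the original thread: a minimal Node.js proxy built on built-in modules only (Node 18+ for `fetch`). The `PIPEDRIVE_API_TOKEN` variable name, the `/deals` route, port 3001 and the field allowlist are assumptions for illustration.

```javascript
const UPSTREAM = 'https://api.pipedrive.com/v1/deals'; // endpoint from the question
// Assumption: only the fields seen in the question's payload may be forwarded.
const ALLOWED_FIELDS = { name: 'string', id: 'number' };

// Copy only allowlisted, correctly typed fields; everything else is dropped.
function pickDealFields(body) {
  const out = {};
  if (body === null || typeof body !== 'object' || Array.isArray(body)) return out;
  for (const [key, type] of Object.entries(ALLOWED_FIELDS)) {
    if (typeof body[key] === type) out[key] = body[key];
  }
  return out;
}

// The token is appended here, on the server; the browser never sees this URL.
function upstreamUrl(token) {
  const url = new URL(UPSTREAM);
  url.searchParams.set('api_token', token);
  return url.toString();
}

// Handle one request: fixed method and path, bounded body, filtered fields.
async function handle(req, res, token) {
  if (req.method !== 'POST' || req.url !== '/deals') { res.writeHead(404).end(); return; }
  req.setEncoding('utf8');
  let raw = '';
  for await (const chunk of req) {
    raw += chunk;
    if (raw.length > 10_000) { res.writeHead(413).end(); return; }
  }
  let deal;
  try { deal = pickDealFields(JSON.parse(raw)); } catch { res.writeHead(400).end(); return; }
  const upstream = await fetch(upstreamUrl(token), {
    method: 'POST', headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(deal),
  });
  // Relay status and body only; the upstream URL stays on the server.
  res.writeHead(upstream.status, { 'Content-Type': 'application/json' });
  res.end(await upstream.text());
}

// Start only when the token is provided through the environment.
async function start() {
  const token = process.env.PIPEDRIVE_API_TOKEN; // hypothetical variable name
  if (!token) return;
  const http = await import('node:http');
  http.createServer((req, res) => handle(req, res, token)
    .catch(() => { if (!res.headersSent) res.writeHead(502); res.end(); }))
    .listen(3001, '127.0.0.1'); // port is an assumption
}
start();
```

The React app then posts to the proxy's `/deals` route with no token in the request. The proxy hides the token but does not authenticate callers, so it still needs its own access control or rate limiting before being exposed.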