I'm planning to use HERE Fleet Telematics API. However I'm not sure about if it's okay or not to expose apiKey
What is the best practice to call the API? call it directly via client or make client calls to my backend server and have the server make request to HERE API ?
Thank you!
It is never a best practice to expose an API Key. Definitely make a call to a backend server. If you are using AWS, you can use a lambda and an API GW to set this up, that's just one way to go about it!
Additionally to apiKey exposing issue, client side will face the CORS supporting for HERE maps Fleet Telematics API endpoints.
Client side will not be able requesting and posting data due to the CORS.
Server in this case will play the proxy-server-role so that it be possible to work with Fleet Telematics API endpoints.
E.g. using server much more preferable.
