0

I have a purchased license at fusion charts. Fusion charts document says here... https://www.fusioncharts.com/dev/upgrading/license-activation that i have to use this function call for applying license...

FusionCharts.options.license({
   key: 'KEY_GOES_HERE',
   creditLabel: false,
});

if i put my key in that anyone visiting my website can easily take it from view -> source of browser. how do i avoid it ? It is simple HTML website.

Joseph
  • 21
  • 5

2 Answers2

1

You can use either of the followings :

  1. Instead of passing the keys directly in JS code, pass them via the environment, application variables. And add the env file to gitignore

  2. Use Obfuscation for the key and JS code being used for license activation.

  3. You can store the value of the key in your database & and fetch the data value so that the end-user is unable to access it.

  4. If you know the domain/sub-domains where charts will be used, you can restrict the license keys to those domains by sending a request to sales@fusioncharts.com

Zapdos13
  • 855
  • 1
  • 8
  • 14
  • If i pass via any method... in the end i have to pass that key to the above mentioned function for the chart to recognize license. and that is available on source view. my question is there only... how to do this //Use Obfuscation for the key and JS code being used for license activation// ? any practical examples ? – Joseph Apr 19 '21 at 09:47
  • You can check any Obfuscation snippets in stackoverflow – Zapdos13 Apr 19 '21 at 13:26
  • https://stackoverflow.com/questions/194397/how-can-i-obfuscate-protect-javascript – Zapdos13 Apr 19 '21 at 13:30
0

As far as I know, there is no way to completely hide it from the frontend. The reason for this is that even if the key is hidden in some way when the request is made, the information has to exist and so the key could be found by looking at the request data.

What you wish to protect against determines how you should go about it. If you would just like to hide it from being picked up by webscrapers, then I would imagine encrypting it and then decrypting it before you send would be sufficient.

If you would like to protect against anyone stealing it, then the only way is to have a server act as a proxy. You would make a call to an API which would then use your API key on the backend, away from the prying eyes of users. Your backend API would then just return to the user the response from fusioncharts.

Hive7
  • 3,599
  • 2
  • 22
  • 38