This tutorial shows how to build a NodeJS API Key Relay. You can create a route for each of your projects or keys. It also demonstrates how to build a simple REST API with Node & Express.This solution keeps your API keys out of your frontend code and your GitHub repository. If you are looking for a quick solution to just hide your API keys from GitHub for a student project or similar, consider watching my previous tutorial on hiding API keys without dotenv: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-2J3xbMkH2K4.html
Thank you so much for your responses! I was able to follow your tutorial just fine. Excellent, very well done. I am subscribed to your channel - you are quite the resource for information! Check your email when you get a chance.
Thanks for another very good coding tutorial Dave! I was stuck for a while with a nodemon error which was pointing at require node-fetch. Went to npm and found that node-fetch v3 doesn't support require. So, if anyone wants to still use require with node-fetch looks like v2 should be downloaded....... 'npm install node-fetch@2'
Hi Dave, Just to say thanks allot for this well explained video, just about to use it now to implement this solution. Really well thought out and enjoy the pace as well, as i embark to putting this in for a web app that requires 3 API`s! 😅 Also last but not least just a quick shout out to all those using NodeJS V18 and above, that ' require ("node-fetch" ' is not needed as it is built in from now onwards. 👍
Hi James, this is a request relay - kind of a like a team of runners hand of a baton. With a relay like this, your frontend app sends the needed information to the backend relay. The relay takes the information and injects the API key needed by the 3rd party API. Then it sends it on to the API. The relay then receives the API response and hands it back off to the frontend app. My search request is just an example. Supply your request and relay it to the API. I hope that helps!
Hi Dave. Brilliant video. I struggle a bit with sending my post request body. I can’t grasp how to send information inputted from my html element to my api. Like typing and name of a city and then searching for weather data for it. Any ideas on that? Need to be a post request unfortunately.
D.R.Y. is an acronym for "don't repeat yourself". If you find yourself using the same code in more than once place, write a function that you can call so you only write the code once.
Brother it's cool ,I mean in react server ( not local host server) .env not working so that's why this way is very cool , but in recat first i creat .env file and write code REACT_SECRET_APP_KEY=123456abcd Then my index.js folder call it like {process.env.REACT_SECRET_APP_KEY} then I push it GitHub still show .env file in GitHub account that's why in . gitignore file add .env file after that I push it's work fine so my first question is which code i use I mean with .env and . gitignore method or today video you show that's way ?? My 2nd question is in index.html page action tag use some api key so that's key how to hide using .env beacuse it not react project so I can't do that pls help ??
I'm not sure I understand all of your questions, but here's the general idea: 1) Never push your .env file to Github 2) Instead, it should always be listed in your .gitignore file to avoid #1 3) Do deploy your project from Github and then provide your host with your environment variables 4) The above 3 steps apply to ALL projects no matter the code type used
Awesome - I have watched this a few times now to digest everything. However, is CORS really enough to secure this new back-end endpoint? If a malicious actor wants to use your API from their own Postman or other non-origin script, what's to stop them? Thanks in advance for any guidance!
Good question, Mike. It's been long enough, I don't exactly remember the details of this video - but I do remember the CORS implementation shown in my Node JS course: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-f2EqECiTBL8.html - In that version, we have a list of approved origins, and if the domain is not in the list, they are blocked by CORS. The course also dives deeper into authentication and authorization if you are interested.
@@DaveGrayTeachesCode yes in terms of general intelligence but has a much quicker Input and Output response time compared to most humans…except for you lol
