1

I see in this thread that hiding credentials from the front end of a website is not possible, but I was wondering if there was an option to restrict calls to a single domain, to prevent the possibility of another site linking to the same content?

rjfrizz

1 Answer

1

Currently Contentful does not restrict requests by domain.

You use your API keys (which should remain a secret) to access your data.

I would highly recommend putting your requests behind a server so that you can keep your keys private.

Here is a Tonic example where a Node server has the access key set up as an environment variable:

https://tonicdev.com/mrsteele/contentpull

Matt
  • Thank you. That's the answer I was looking for. Unfortunately, in my particular use case, putting the credentials behind a server is not practical. I was investigating using Contentful in correlation with the SaaS ecommerce platform - Bigcommerce, which only provides front-end access. Setting up an external server is a step I was hoping to avoid. – rjfrizz Jun 23 '16 at 16:03
  • Heroku is free: https://www.heroku.com/. You could create a simple man-in-the-middle server and hit your own instance on Heroku. Then you would have your credentials secured without worry. – Matt Jun 24 '16 at 16:51
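
The server-side setup recommended in the answer and the follow-up comment, as an added example that is not part of the original posts or the linked notebook: a small Node proxy that reads the Contentful token from the environment, forwards only allowlisted read paths to the Content Delivery API, and sends CORS headers for a single storefront origin. The environment variable names, the storefront origin and the path allowlist are assumptions.

```javascript
// Added example. Env variable names, origin and routes are assumptions, not Contentful defaults.
const ALLOWED_ORIGINS = new Set(['https://shop.example.com']); // constructed storefront origin
const ALLOWED_PATHS = new Set(['/entries', '/assets']);        // read-only collections exposed to browsers

// Map a browser request to an upstream Delivery API request,
// or return null when the path is not on the allowlist.
function buildUpstream(requestUrl, env) {
  const url = new URL(requestUrl, 'http://proxy.invalid'); // base only used for parsing
  if (!ALLOWED_PATHS.has(url.pathname)) return null;       // pathname is already normalized (no "..")
  url.searchParams.delete('access_token');                 // never forward a client-supplied token
  const space = encodeURIComponent(env.CONTENTFUL_SPACE_ID);
  const upstream = new URL(`https://cdn.contentful.com/spaces/${space}${url.pathname}`);
  upstream.search = url.searchParams.toString();
  // The secret is attached here, on the server, and never reaches the page source.
  return { url: upstream.href, headers: { Authorization: `Bearer ${env.CONTENTFUL_ACCESS_TOKEN}` } };
}

// Only allowlisted origins get permission to read responses from browser script.
function corsHeaders(origin) {
  return ALLOWED_ORIGINS.has(origin)
    ? { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' }
    : { Vary: 'Origin' };
}

async function handle(req, res, env) {
  const cors = corsHeaders(req.headers.origin);
  const target = req.method === 'GET' ? buildUpstream(req.url, env) : null;
  if (!target) { res.writeHead(404, cors); return res.end(); }
  try {
    const r = await fetch(target.url, { headers: target.headers }); // global fetch, Node 18+
    res.writeHead(r.status, { 'Content-Type': 'application/json', ...cors });
    res.end(await r.text());
  } catch {
    res.writeHead(502, cors); // upstream unreachable; do not leak error details
    res.end();
  }
}

// Start only when the credentials are present in the environment.
if (process.env.CONTENTFUL_ACCESS_TOKEN && process.env.CONTENTFUL_SPACE_ID) {
  import('node:http').then(({ createServer }) =>
    createServer((req, res) => handle(req, res, process.env)).listen(process.env.PORT || 3000));
}
```

The origin allowlist stops other sites' browser scripts from reading the proxy's responses, but it is not authentication: a non-browser client can still call the proxy directly, so the path allowlist is what bounds what the hidden key can be used for.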