0

I'd like to develop an firefox add-on that will require access to the Amazon Product Advertising API. This is granted by using private access tokens after signing up for it.

Now I was wondering if there is a way of keeping the access information private while still open-sourcing the add-on itself? I haven't found any information regarding this issue on the firefox developer hub.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
vallant
  • 1

1 Answers1

0

You need to get the calls forwarded from your backend using the hidden keys. Check nginx config for request forwarding.

vishwarajanand
  • 1,021
  • 13
  • 23
  • So i should redirect the searches of the addon users through my server? I'd never use a addon that does this, this is privacy-wise its a nightmare. There must be another way to deal with the problem. – vallant Feb 25 '20 at 13:46
  • Its easier to make keys difficult to extract rather than completely prevent from leaking. By methods to Minify or compile source. – vishwarajanand Feb 26 '20 at 15:45
  • Also your server need not be very heavy, just good enough to check auth in relevant traffic. Ideally you can use your server to create ephemeral keys, given amazon apis provide that. – vishwarajanand Feb 26 '20 at 15:48