0

Hello i've been working in an electron application, and decided to add an feature that complete faucets like the cryptocurrency ones that you need to solve an captcha and get rewarded X amount in crypto, i am making an api request to the website in which i want to claim the faucet, then communicating with the 2captcha API to solve the captcha but i need to especify my apikey in order to communicate with the 2captcha API and as im going to distribute this product i dont want anyone to unpack my app.asar and find out what my apikey is or anything like that, what is the best workaround or what should i do in this case to hide this sensitive information?

this is what communicating with the captcha API looks like by the way

const solver = new Captcha.Solver('apikey')
user132741
  • 15
  • 3
  • Note: i know i could try to communicate with the api on the backend but the captchas have an limited time to solve and need to be solved fast and i think if do it by communicating through an back end proxy it would take a couple more time to get the response wont it ? thanks anyways in advance for any reply – user132741 Apr 10 '22 at 02:11

1 Answers1

0

instead of hardcoding api in application side try to add one more layer in between application and services you want to use through api .

e.g ask user to register on your own portal and then ask him to login. once you have authentic user make api call to fetch all sensitive information using this method you will avoid the hardcoding sensitive information.

once in while i was also looking for this solution but didn't found satisfactory solution so meanwhile you can use other tricks to get your work done and if you find solution please update in answers so that we will also be aware of it.

cheers ! thanks

JHM16
  • 649
  • 8
  • 12