-1

For example, my application uses IPFS, access to which I get through web3.storage. But for the web3.storage to work, you need an API token, for which I paid.

Where to store this token if everything is open source? On the frontend, anyone can see my token and start using it. In a smart contract it is impossible to process big data

The documentation says the following:

function getAccessToken () {
  // If you're just testing, you can paste in a token
  // and uncomment the following line:
  // return 'paste-your-token-here'

  // In a real app, it's better to read an access token from an
  // environement variable or other configuration that's kept outside of
  // your code base. For this to work, you need to set the
  // WEB3STORAGE_TOKEN environment variable before you run your code.
  return process.env.WEB3STORAGE_TOKEN
}

But anyone can easily debug the code and find out this token.

TylerH
  • 20,799
  • 66
  • 75
  • 101
Jor
  • 11
  • 3

1 Answers1

0

Where to store this token if everything is open source? On the frontend, anyone can see my token and start using it. In a smart contract it is impossible to process big data

There is no way around this problem. All frontend facing API tokens are stealable. You just need to monitor your API keys and rotate them when this happen.

In an ideal world, the users themselves would pay for their wallet that would then provide API access the payment, but this is not happening any time soon.

Mikko Ohtamaa
  • 82,057
  • 50
  • 264
  • 435