How to add API security keys into JS of wordpress securely

You can’t. Any secrets you put into your pages or JavaScript can be read out of the downloaded files by the client.

Instead, you probably want to either:

  1. Move the secrets into your server-side code and have your server code make requests to external APIs using the secrets, and use WordPress nonces and login cookies to authenticate your client scripts to your server
  2. If you’re using a third-party service that users can authenticate against directly, set up OAuth or OpenID connect to get your users authenticated against that service. Then, your script can use the tokens returned by that (which are per-user) to request that service.

Related Posts:

  1. Renaming wp-content folder dynamically
  2. How to prevent XSS alter custom global javascript object & methods in WordPress
  3. security concerns if using html data-* attribute for l10n?
  4. $.ajax results in 403 forbidden
  5. Serve cookie free URLs in WordPress without using a CDN
  6. Retrieve $_POST data to send to javascript without using localize script
  7. How can I add an alert (like the old javascript alerts) to my WP page?
  8. Pass PHP variable to JavaScript without inline JS
  9. Show post in slider
  10. How can I output a php value into a JS file within WordPress?
  11. Evaluations of two wordpress security plans against php code injection attack
  12. Using shipped version of jquery
  13. Putting PHP variables into javascript [duplicate]
  14. Bridging TinyMCE js and WordPress PHP?
  15. Trying to implement Ajax comments in WordPress, getting WP error
  16. How to test nonce with AJAX – Plugin development
  17. How do I display a user’s previous orders as a select box option on a product?
  18. Simple Plugin with custom javascript wont work – no console error
  19. How does this WordPress Plugin (Thrive Comments) apply their custom comment sort? [closed]
  20. How can I use a modal window to display the current post in loops featured image?
  21. js file in root loading without
  22. class click counter save number
  23. Trigger popup in a php if/else statement
  24. WordPress custom login form using Ajax
  25. Slider loading issue
  26. AJAX request status 200 but no actual “response”
  27. Button not refreshing page
  28. Ajax not working es expected (Returns 0)
  29. Use menu link or onClick to set a variable
  30. How to select the contents in the text view textrea in wp_editor?
  31. Creating a Multi-Level Associative Object Using AJAX
  32. WP functions in .js
  33. Adding custom directory and PHP files in wordpress
  34. Ajax – Call to undefined function get_option()
  35. Detect session/cookie variable in wordpress to prevent access to documents
  36. Populate dropdown with Child Pages based on Parent Page chosen
  37. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  38. remove wp floating submenu in wp dashboard
  39. SQL Injection blocked by firewall
  40. Displaying admin notices inside the block editor from rest_after_insert_{$this->post_type} hook
  41. search and replace preword from author
  42. How to complete two other input fields, completed the first
  43. Status 400 for AJAX POST Request with admin-ajax.php
  44. How to inject variables into public-facing JS using wp_enqueue_script
  45. How to pass aa JS variable to PHP?
  46. Customize Theme comment template to Insert VoteUp and VoteDown buttons
  47. Ajax random number always the same
  48. Image upload via FormData API and AJAX is not working ($_FILES always empty)
  49. I have a problem in the order of enqueues while enqueuing stylesheets and scripts for a specific page in my function.php
  50. JS file work only in index page
  51. Need Help Fixing My Iframes [closed]
  52. wp_enqueue_scripts leads to error
  53. Javascript file is not working on single.php wordpress [closed]
  54. How to change redirection route to a php page for making it only accessible by logged-in members?
  55. Integrating PHP into Javascript to display map markers with Google API – problem with wp_localize
  56. Save Search System
  57. dynamic dependent select dropdown
  58. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  59. Passing UTM Parameters To Modify Page In WordPress
  60. Is it possible to increase php memory without directives in wp-config.php, .htaccess or php.ini?
  61. How to send Ajax request from my plugin in admin dashboard?
  62. Incorrect MIME type for assets with Valet
  63. Customizer: Multiple CSS styles on same element in Live Preview
  64. wordpress visual composer change grid builder post link
  65. Ajax load more button for comments wordpress
  66. How to register javascript variables in wp_localize_script?
  67. Open post-content in archive page in a Modal box with bootstrap
  68. Creating own shortcode – echoeing php variable based on JS variable
  69. How to add a do_action on refreshing of WP customizer?
  70. Cannot execute php files in wp-content
  71. How to pre populate a form field with a link of a current user’s author profile?
  72. parts of url disappear when using # inside href=”” [closed]
  73. How to pass Select value from Javascript to PHP to generate select option on change
  74. Menu jumping when calling it via PHP
  75. How does wp_enqueue_scripts work?
  76. wp attempt focus, disabling without touching core
  77. Setting value of session with Ajax not working
  78. AJAX success response is not working but it’s saving my changes
  79. PHP array to JS array to use in google map
  80. PhantomJS with wordpress
  81. How to add a Custom Mailchimp AJAX Newsletter Subscribe Form
  82. Media Upload , file name changed automatically
  83. Add / Update Custom Fields After Select Pictures in Media Window
  84. Post repeating with infinite scroll
  85. How do I get around “Sorry, this file type is not permitted for security reasons”?
  86. WordPress Scripts Being Loaded in Footer
  87. Fancybox type popup window that’s not an iframe
  88. Generate sidebar depending on height of post
  89. Accessing WPDB Multidimensional JSON Array w/ Javascript
  90. Security: blocking direct access of php files
  91. how to make my website secured
  92. How do I Import / Upload Files with jQuery AJAX?
  93. wordpress wp_enqueue_script() not working
  94. Redirect to another page using contact form 7? [closed]
  95. How to add specific meta tags to head of cart and checkout pages in woocommerce?
  96. Noscript not working as it should in wordpress site
  97. WordPress Ajax Call inserting data but success response false
  98. How to optimize the IF condition with many conditions and same output [closed]
  99. How to correctly add Javascript to this PHP ‘Page Not Found’ Page?
  100. Correct and safe way to include php content in my page
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)