re: How to hide your API endpoints while making an electron app? VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION
 

Let's say I'm using an API from UNSPLASH. They give me two keys. I use a "dotenv" file to store these as environment variables. Even If I make a build of it, that .env file will be in my app folder and hence that will be exposed to users.

 

You can't ship the env file to the users, you must, for example, have a server that'd act as a proxy.

So I have to make a server where the code for Unsplash API will work and set env variables there?

But what if it's an open source product and there is no way to monetize it. What then? 🤔

I think your best bet is to have a server. Your app calls this server and the server calls Unsplash and other APIs and returns the data.

But what if it's an open source product and there is no way to monetize it. What then?

Open source does not mean you can't possibly monetize it but let'say you really can't because of something. Can you work within a free tier of some service? Things like Google Cloud, zeit, heroku have good free tiers.

You might even be able to do everything within the context of a serverless backend, writing just a thin layer.

It depends on what you're trying to do.

Free tier can be great option.

You might even be able to do everything within the context of a serverless backend, writing just a thin layer.

Elaborate?

I meant that if the only thing you require is to call an API and get back the result you might not need to build an entire server side application, it might be enough to call a serverless function and let it do it for you.

For example, in this post @didil explains how you might go about writing an API to resize images. In his case he's using a Go library that processes the image but if he wanted (just for our sake) to call Cloudinary's service instead, he would call that, leaving Cloudinary's keys on the server.

Zero servers manually configured.

There's a lot of content here:

Then either you provide an unsplash proxy for free, you provide the unsplash proxy sourcecode/binary for anyone to host (and provide a way to configure the proxy target in your software), or you don't provide unsplash at all.

Another option would be to build it such that you request the end user to create an Unsplash API key, configure it in your application and use that instead.

That's right, this will work if the user has an Unsplash account which may be they don't. Thanks for suggesting though.

code of conduct - report abuse