How do we secure API Key when the application is deployed in public domain for everyone's use?

Vara_PrasadM_S · ‎04-10-2023

Hi All,

I would request information on how do we secure API Key. Our app should be working on public domain, I understand we cannot set referrers in our case.

Any suggestions would be very helpful.

Thanks in advance!

With Regards,

Vara Prasad

BryanMc · ‎04-11-2023

You could setup a small proxy to handle the API key for the requests. This will hide the key (although without a referrer anyone could still access).

Esri does have sample code for a proxy, but the code is retired now as they recommend one of the following approaches (from esri github page for proxy) although some still rely on having a referrer:

Enable CORS on the non-CORS enabled web server.
Use API keys to use services and access private content.
Configure your security settings in ArcGIS Online or ArcGIS Enterprise.
Access secure services using ArcGIS Online to store your username/password credentials