Ad

Securely Storing Auth Token In React Frontend

I am currently working on a single page react app. This app will not require any login and it will be publicly available. I am making a POST request to a webhook of another API that I do not have access to and that I do not maintain. This API required me to send an authentication token via the POST. I wonder how I can securely store this token so that it does not get out in the world. I need to send it as is so storing it in a cookie that a backend provides is not an option. Storing in in JWT will not work as I can decode that without the secret.

Is there even a way to store the token without exposing it to the world?

I hope the issue is clear, if not let me know and I'll explain better.

Thank you all for your time!

Ad

Answer

I would usually have a local Express server running and proxy the request through that.

You would set up a route in your Express app that you would POST to from your React front-end, this Express route handler then makes the call to the external API from the server side which has the token to put in the header. Then the response is returned to your React front-end without it knowing anything about the external API or tokens.

Ad
source: stackoverflow.com
Ad