How do I protect API keys used to authorize an iframe-based client?
I’m building a service composed of a backend API and an embed-able, iframe-based, front-end client. Only authorized customers should be able to access the backend API via the iframe embed. My plan is to give paying customer’s an API key.
B… Continue reading How do I protect API keys used to authorize an iframe-based client?