Security of interface signature

for example, my backend provides a series of APIs for use by different clients (such as IOS, Wechat official account, Android). In order to keep the interface secure,
I imagine this design:
assign a key to each client. Each time the API is requested, the key and all parameters are combined into a source string, and the signature value is generated according to the signature algorithm. When sending the request, the signature is sent to the server for verification.

for the official account of Wechat, how to use js to safely save the secret key issued by the background? There is also that js can see the source code, so it will be seen according to the signature algorithm.
how should it be designed?
Thank you for your advice!

Mar.28,2021

CSRF to know: https://www.ibm.com/developer.


same story. I also wonder if the data on the js side is secure

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b353f8-2bf92.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b353f8-2bf92.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?