want to do a translation extension of Chrome, using the youdao service, the page was crawled before, but it is not stable, so I want to use the paid service of youdao, but if I simply call youdao API at the front end instead of doing the server, what if I protect my private key?
all the plans I have thought about before, but they are all dissatisfied.
- do a layer of API proxy on the server side, which not only protects the private key, but also has certain restrictions on malicious calls, but it is necessary to post the user"s data to the server, and your own server is not necessarily stable.
- only the server provides an API, signature to generate the signature. The API, signature is generated through md5 (appKey+q+salt+ application key) ( reference ), but the data queried by the user must also be uploaded to the server. In the
- extension, users are allowed to configure their own api and private key, but this is too unfriendly for non-developers, and they have to apply for youdao"s api .
related links