When the pure client (front-end page) uses the API of some services, how to protect the private key or prevent abuse?

want to do a translation extension of Chrome, using the youdao service, the page was crawled before, but it is not stable, so I want to use the paid service of youdao, but if I simply call youdao API at the front end instead of doing the server, what if I protect my private key?

all the plans I have thought about before, but they are all dissatisfied.

  1. do a layer of API proxy on the server side, which not only protects the private key, but also has certain restrictions on malicious calls, but it is necessary to post the user"s data to the server, and your own server is not necessarily stable.
  2. only the server provides an API, signature to generate the signature. The API, signature is generated through md5 (appKey+q+salt+ application key) ( reference ), but the data queried by the user must also be uploaded to the server.
  3. In the
  4. extension, users are allowed to configure their own api and private key, but this is too unfriendly for non-developers, and they have to apply for youdao"s api
  5. .

related links

Apr.07,2021

can only be done in the first way. If you want to have an API, it is not for the front end to call. Without the first way, you cannot solve the problem across domains

.
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e52719-276ee.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e52719-276ee.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?