Migrated from Redmine #108 | Author: Tim Print Status: Closed | Priority: High, I’m very impatient | Created: 2018-02-12
Hi.
I have some basic functionality working using the javascript JSON-RPC-client library but sending the API key in the .js file means anyone can see it and potentially access the API for my account.
the only way to not expose API key is server-side scripting. There is no way to hide it by javascript only unfortunately.
Please not, this key provide same functionality level as public booking site. So, it can be considered secure to expose it.