How to hide your API keys SAFELY when using React

Поделиться
HTML-код
  • Опубликовано: 27 ноя 2024

Комментарии • 280

  • @tumpelo22
    @tumpelo22 2 года назад +35

    Doesn't app.listen() accept the PORT constant, or why do you put it as number 8000 if it is already defined as constant :P

    • @aniakubow
      @aniakubow  2 года назад +53

      Oh no oooooops! Good catch! You are 100 percent right, I clearly wasn’t paying attention hahah. I will pin this so people know not to bother writing 8000 when you can just use the constant PORT. 🙌🙌

  • @owenwexler7214
    @owenwexler7214 2 года назад +15

    This video is mandatory viewing for anyone making a frontend web app that connects to an API or backend of any sort.
    Remember guys: the best way to store secrets and credentials in your frontend is to NEVER EVER store secrets and credentials in your frontend.

  • @jamesdouglaswhite
    @jamesdouglaswhite 3 года назад +38

    Extremely useful tutorial, thank you. Finally someone who understands a newbie's need for explanation of the fundamentals that seem so confusing when trying to figure it out for ourselves.

    • @aniakubow
      @aniakubow  3 года назад +4

      Thank you so much!!

    • @LorenzoJimenez
      @LorenzoJimenez 2 года назад

      @@aniakubow Well deserved!

    • @aniakubow
      @aniakubow  2 года назад +3

      @@LorenzoJimenez thanks so much 😄😄

  • @jameshansen801
    @jameshansen801 3 года назад +7

    I've been searching for a clear tutorial like this for weeks, thank you so much! The CORS issue has been driving me crazy. I enjoy the sound of your voice, as it makes it easier to concentrate, and I loved the way you explained everything. Again, thank you! :)

    • @lucasdesouza3658
      @lucasdesouza3658 2 года назад +1

      Keep in mind that for production you should probably specify the origins the allow through cors. In her example she opens it up to any source which is also a small vulnerability. You can also serve the react app from the backend and leave cors blocked. That way only your front end can call you apis and not a clone site.

    • @jameshansen801
      @jameshansen801 2 года назад

      @@lucasdesouza3658 Thank you so much! I just stumbled across that concept yesterday! This whole CORS thing has been so confusing. If you know of any kind of developer's security building checklist resources, it would be very much appreciated :)

  • @LorenzoJimenez
    @LorenzoJimenez 2 года назад +35

    Very nice, you created a proxy. I know that is just an example, but I prefer to separate the proxy code in another project. Then add security rules that your API can only be called from your domain, and other measures to avoid denial of service attacks.

  • @nicoladc
    @nicoladc 2 года назад +32

    Really good tutorial, however I find missleading to say that this will prevent someone from using the paid API and use your money.
    This will only secure your API key, but if someone calls you API thousands of times you will still have the same problem, even if you didn't compromise you API key.
    If you really have a paid service behind an API I would strongly recommend to limit its use with throtling and user authentication, unless you are willing to take the risk of getting unusual traffic.
    Really good tutorial :)

    • @juandavidlandazabal5974
      @juandavidlandazabal5974 2 года назад +2

      Just adding a origin cors in the server side is enough to avoid this issue, so only from your own domain you can call the API

    • @MarcStober
      @MarcStober 2 года назад +14

      CORS prevents people from being scammed when they’re using a browser. However it doesn’t prevent someone malicious from calling your API outside of the browser. Overall it’s a good tutorial but it should mention there is more needed to be completely secure.

    • @salehaleit1501
      @salehaleit1501 2 года назад

      rate-limiting is fairly simple to implement with express, for bigger scale applications a WAF such as Cloudflare are very good solutions

  • @JamesQQuick
    @JamesQQuick 3 года назад +4

    Love it!! Great work Ania :)

  • @some_dude_on_the_internet
    @some_dude_on_the_internet 2 года назад +4

    Nice to see steps to this setup. NextJS supplies "backend"/api routes outta the box w/o the need to rig it up yourself which is kinda nice.

    • @Meuhandle
      @Meuhandle 2 года назад +1

      Yeah, actually a huge point for nextjs for this use case.

  • @victorekea
    @victorekea 4 месяца назад

    This video should have a million likes! Thanks Ania.

  • @Zzaa01
    @Zzaa01 2 года назад

    I was looking for another video of yours and so happen to stumble upon this one and was like maybe I'll watch for a second. But I'm so glad I stumbled on this today! I will finish bootcamp next week and start a real job in a few weeks yet none of the instructors mentioned anything about how you can find the API key in the inspector tool! LOL Glad I know now!

  • @radupopescu2370
    @radupopescu2370 3 года назад +34

    Never use front-end for sensitive data calls, always let the back-end handle those in a secure way. So learn some back-end and all will be good in your apps.

    • @aniakubow
      @aniakubow  3 года назад +9

      Yes I agree :) hopefully this video helped in that

    • @radupopescu2370
      @radupopescu2370 3 года назад +2

      I'm sure it did.All your videos are great and you explain in a way that's easy to understand.Thank you for the effort!

    • @FilipposSdralias
      @FilipposSdralias 2 года назад

      @@aniakubow this video helped a lot!!!

  • @arulmuruganK94
    @arulmuruganK94 2 года назад

    Thank you kaleeshi, you saved my kingdom. I was repeatedly asked about this in my interviews.

  • @twilkpsu
    @twilkpsu 2 года назад +1

    Have not watched this one yet, but Ania is solid and a master thumbnail marketer! 😉. Bravo!

  • @abhinandankhilari9729
    @abhinandankhilari9729 3 года назад +33

    One question - How to deploy this setup (frontend + backend) on hosting platforms like Netlify, Heroic, etc. for a working demo? Am I missing anything?

    • @CptUhudini
      @CptUhudini 8 месяцев назад +1

      I would also love to know that

    • @zmarc-
      @zmarc- 4 месяца назад

      you deploy them seperately. effectively two different sites

    • @dannny6019
      @dannny6019 3 месяца назад

      @@zmarc-I just figured this out. I was deploying the whole thing on netlify and expecting it to work but I just had to load the backend and frontend seperatly.

  • @elmatito5456
    @elmatito5456 3 года назад +3

    amazing, thank you so much. Im a little bit lost though on hoy to deploy this, since the backend needs to be in another location

  • @jeremy_s
    @jeremy_s 3 года назад +3

    Ideally you wouldn't even store any sensitive keys in your repo, especially in a commercial codebase with several/many engineers working on it. Depending on what infrastructure you use to host your backend, a better solution would be to store any secret values securely (not in plain text) and pass these values through at runtime.
    For example if you were using serverless functions with Azure, you could store your secrets in Azure Key Vault and retrieve what's needed when the function is executed (same concept for other cloud providers). This way your secrets are encrypted and secured properly while not exposed within your repo, on your server or to any team members who don't need to view these values.

  • @novusnota42
    @novusnota42 3 года назад +1

    Plot twist: Ania just woke up after a nightmare about having lost all her keys and immediately proceeded to record a video, big respect.

  • @ingeniodigital7414
    @ingeniodigital7414 2 года назад

    Awesome quality content. The sound and speed of your voice makes easier to follow and understand every concept.

  • @the_bestsoccer
    @the_bestsoccer 9 месяцев назад

    This is the best explanation so far, even tough i use VueJS, but the code so far is still the same and can be used in VueJS. Thank you so much, keep going like this, okay?! 💪😎

  • @themsaid
    @themsaid 3 года назад +3

    Great Video!
    Some call this pattern "Backend for Frontend" or BFF. It can be used to store authentication tokens in the backend instead of the browser cookies or local storage.

  • @frenchcoder-developpementw2429
    @frenchcoder-developpementw2429 2 года назад

    You can also paste it in your package.json to hide your source code from the Chrome Dev Tools : "scripts": { "build": "GENERATE_SOURCEMAP=false react-scripts build" }

  • @IamSH1VA
    @IamSH1VA 3 года назад +7

    *This tutorial is really really useful and Important.*
    I was using env for react unsafe way , thanks to you now I know safe way.
    Again thanks 🙏😊

    • @aniakubow
      @aniakubow  3 года назад +1

      I’m so happy you found this useful! Yes , I really wanted to show why it’s not safe to store API keys on the frontend too :) thanks so much for your kind words and support

  • @IAmOxidised7525
    @IAmOxidised7525 3 года назад +2

    use a reverse proxy to store API keys , and make actual API calls from there,
    Request structure:
    Client -----> Reverse Proxy --------> Backend
    React ------> API keys stored here -----> Backend that use API key
    Reverse proxy can also be used to remove some headers like X-powered-by , rate limiting , as a load balancer etc.

    • @OliverK-XY99
      @OliverK-XY99 3 года назад +1

      Hey. Can I have your discord? You seem to understand these topics. Im looking for some assistance...

    • @OliverK-XY99
      @OliverK-XY99 3 года назад

      So what is your discord?

    • @sephirot7581
      @sephirot7581 3 года назад

      Reverse Proxy to store api keys? That doesnt really make sense. You would store the key in the backend itselft or any store management, etc. You can use a revese proxy to centralize your authentification and authorization concept.

    • @kuroexmachina
      @kuroexmachina 2 года назад

      bruh just use kubernetes or AWS secrets lol

    • @sephirot7581
      @sephirot7581 2 года назад +1

      @@kuroexmachina lol, this has nothing todo with the problem?

  • @rfgonzalezweb
    @rfgonzalezweb Год назад +1

    awesome content!! question: can I use this technique on the development of a chrome extension too? if not, what do you recommend? thank you

  • @neoswann2143
    @neoswann2143 10 месяцев назад +1

    So if I had to deploy the app, is the backend automatically deployed with production build?
    or does it have deployed separately?
    If so can you demonstrate how to properly deploy your frontend and backend to correspond properly.

  • @hustle4837
    @hustle4837 3 года назад +10

    I've a question. Someone can still inspect and see request URL (back-end endpoint). Even though API calling process happens on the backend, any one can use that endpoint to make request and get the response back. Yeah, they will not able to get API key, But they can make requests using our backend endpoint. Isn't it? How to solve that?

    • @aniakubow
      @aniakubow  3 года назад +20

      Great question! And you are right, this can still happen. For this you need a few extra steps including request limiting and auth- this video is just how to hide your api key. :) I can make a video on this if you would like

    • @RobertThomasrob_thomasa10
      @RobertThomasrob_thomasa10 3 года назад +4

      @@aniakubow Yes please!!!

    • @owenwexler7214
      @owenwexler7214 2 года назад +2

      If you’re using NextJS you can use NextJS’ built-in API routes as a proxy to call your actual backend from and hide your backend’s URL and credentials in server-side environment variables (NOT prefixed with NEXT_PUBLIC_ in other words). Or if you are only getting info from an external API just use Next’s API routes, which are same-origin by default and can only be accessed by your frontend. This is actually a very good use case for NextJS as a framework.

    • @homy3484
      @homy3484 2 года назад

      @@aniakubow Yes please, that where so awesome!

  • @SamzehGFX
    @SamzehGFX 2 года назад

    Awesome video, really great showing the benefit of feeding your api requests through a nodejs backend!

  • @brandon14125
    @brandon14125 3 года назад +8

    This is why I wish web development would move away from putting so much application logic into a frontend app. Anything on the frontend is visible by the user. Any validation in your front end app just be replicated in your backend logic if you want it to remain secure.
    I miss minimal frontend apps.

    • @PhilipAlexanderHassialis
      @PhilipAlexanderHassialis 3 года назад

      And this is why SSR is getting traction: you get the best of both worlds.

    • @prezire
      @prezire 2 года назад

      @@PhilipAlexanderHassialis are SSR's really needed? IMHO there is traditional MVC, which already looks good. what's your opinion about MVC vs SSR?

  • @trtlphnx
    @trtlphnx 3 года назад +3

    Damn I Love Your Incredible Tips and Strategies ~
    Love You Ania, And ALL You Do For Us ~

  • @dr.downvote
    @dr.downvote 3 года назад +1

    Absolutely beautiful. The video is good too.

  • @emanuelal.6490
    @emanuelal.6490 2 года назад

    Great tutorial! Greetings from Argentina 👋

  • @junovue
    @junovue Год назад +1

    so my main issue is that i want to deploy this to github pages and use fire base for authentification. if we store this inside of .env variables, don't we then have to push the .env file to github? and how is that secure? is storing it in the back end really allowing web users to not be able to read those variables?

  • @priopambudi9533
    @priopambudi9533 3 года назад

    Thank you Ania! I'm just confused to handle the key in the frontend, and you're very helpful!

  • @ping9646
    @ping9646 2 года назад

    Thanks for a very very good step by step video for such an important topic. I will come back to your channel for more insightful react tips 👍

  • @CharlieAligaen
    @CharlieAligaen 10 месяцев назад

    Great Tutorial! Need to change your smoke alarm battery, though. 😁 10:19

  • @TheRemiRODRIGUES
    @TheRemiRODRIGUES 2 года назад +3

    Thank you Ania !
    But it can't be only deploy on github pages, netlify, ... and other client side host, isn' t it ?
    With this solution the code should be deploy on Heroku, AWS, or other server side host, isn't it ?

  • @xfire4267
    @xfire4267 3 года назад +1

    Hello Internet Ania. 🙋‍♀️
    Thank you for this video. I have learned a lot.

    • @aniakubow
      @aniakubow  3 года назад +1

      That’s so good to hear 😄

  • @whatnow1194
    @whatnow1194 3 года назад +1

    this was really helpful
    definitely will be using in my projects

  • @AbhishekSharma-rs9ub
    @AbhishekSharma-rs9ub 3 года назад +1

    Love form india ❤️
    Amazing tutorials 👌👌
    this is helpful for me 🙏🏻🙏🏻

    • @AbhishekSharma-rs9ub
      @AbhishekSharma-rs9ub 3 года назад

      @Code with Ania kubó ❤️❤️

    • @aniakubow
      @aniakubow  3 года назад

      @@AbhishekSharma-rs9ub Careful, that is a bot impersonating me - I have now blocked them and reported :)

  • @aleihnad
    @aleihnad 3 года назад

    With next js because the server side is more easy i think, but your video is so helpful. Regards from chile (sorry for my english)

  • @zakhariihusar6975
    @zakhariihusar6975 3 года назад

    Nice topic 👍. Often was wondering about safety of API keys

  • @peoplecaringsharing
    @peoplecaringsharing 2 года назад

    Superb helpful info sharing as superb beauty you are ! Thanks a lot.👍👍👍😊

  • @alexvel4414
    @alexvel4414 3 года назад +6

    Thanks for the video, but i still don't get it. The api key maybe secure now but... What is stopping someone from making requests directly to your backend and using up all your quota for free. He does not even need an api key now, just the url of your backend. What can we do for this?

    • @amolsingh5882
      @amolsingh5882 3 года назад +2

      Cors will stop those requests I believe

    • @alexvel4414
      @alexvel4414 3 года назад +2

      @@amolsingh5882 why stop the others and not your own frontend then? Did the video include some way to whitelist only your own app? If i understood correctly it even included a cors plugin in the backend to allow such requests.

    • @TheRvh70
      @TheRvh70 3 года назад

      @@amolsingh5882 Cors is only enforced by the browser. It doesn't stop people calling the backend directly via curl or postman for example

    • @aniakubow
      @aniakubow  3 года назад +1

      There are a few more steps you would need to do for this. This video is just about making sure people don't steal your API key. :)

    •  2 года назад

      @@amolsingh5882 No, cors won't stop. Just set origin in Postman and done.

  • @fitnessmind8638
    @fitnessmind8638 2 года назад +1

    plz any one help to explain which extension give automatic snipets in this tutorial

  • @frenchcoder-developpementw2429
    @frenchcoder-developpementw2429 2 года назад +1

    The problem with this technique is that if the attacker calls your backend API, they can simply retrieve the data returned by your backend!

    • @talljohnpaul
      @talljohnpaul Год назад

      I was thinking the same. Also what happens when you host your repo to a place like Netlify, it would build the repo then would build a Back end from that index.js? Thats pretty cool.

    • @Mark-ic4hl
      @Mark-ic4hl Год назад

      Cors

  • @martinmiguez6153
    @martinmiguez6153 2 года назад

    Great, thanks for sharing what you know! I just asked myself, when the build is made to production, it also does it with this backend file? Thank you

  • @amolsingh5882
    @amolsingh5882 3 года назад +1

    Great video as always.
    I have 1 doubt - how is the deployment done. I mean how is the code packaged for, let's say a Docker image ?

  • @acomathes
    @acomathes 2 года назад +1

    Thank you for the video! One thing I don't understand though. Will it still work when we build the frontend project statically, deploy it on a VPS and also get the backend's index.js running on that VPS? When a user opens our published static frontend, will the localhost then will be relative to the user?

  • @zubairlohar3557
    @zubairlohar3557 3 года назад

    Doing awesome job Queen 👑

  • @rohan_webdev
    @rohan_webdev 3 года назад

    Thanks Ania,👍 it was super helpful.

  • @BeeAttack
    @BeeAttack 2 года назад +2

    Does this mean intruder can call back end api without any key and back end api will automatically put the key ? so how secure? or I misunderstood.

  • @FilipposSdralias
    @FilipposSdralias 2 года назад +1

    Thanks Ania! It is a very helpful tutorial! You saved my day!
    I was wondering how we can move the index.js file under an api forlder so we can deploy as serverless function (for use on vercel, netfly etc)

    • @aniakubow
      @aniakubow  2 года назад +1

      Thanks so much! You can move the file to an api folder - however, you might have to rewrite the code :) I have a tutorial on writing your own Netflix serverless function if you want to check that out 😊

    • @FilipposSdralias
      @FilipposSdralias 2 года назад

      @@aniakubow Thanks! I did! It is pretty understandable from beginners' perspective! Thans for sharing! About the last question, I did move it and it work but I need to make some code adjustments as you mentioned! Thanks again!

  • @hcivelek
    @hcivelek 3 года назад +1

    Thank you for this clear video. Very helpful. I wonder that after creating a small backend here, how do we prevent outsider usage. We hid the key but open the door completely. If they use our backend, instead of stealing our key, we may see the big fat bill anyway.

    • @aniakubow
      @aniakubow  3 года назад +8

      That is a great question! There are other steps to do this that I can make a video on, including request limiting and making sure the API is used only on your domain etc. Watch this space :)

    • @marcelo123456789lope
      @marcelo123456789lope 2 года назад

      @@aniakubow are you talking about CORS? How to apply this domain restriction???

    • @stvfun810
      @stvfun810 2 года назад

      The domain restriction will only work for web, how do we ensure that the API can be called by our mobile app only

    • @homy3484
      @homy3484 2 года назад

      @@aniakubow First of all, thank you so much for this great tutorial. That would be so nice if you could also make a vdeio. I have this exact problem but can't get it solved with acces cotnrol, ip white list or cors. I do not know how to do it, because always another IP of the user accesses.... It would be super sweet of you to make a tutorial on this. Many many thanks! :)

  • @bgill7475
    @bgill7475 3 года назад

    Thank you very much.
    Your videos are so good and informative :)

  • @josephwong2832
    @josephwong2832 3 года назад

    awesome Ania

  • @AdrianClaudiuDima
    @AdrianClaudiuDima 3 года назад +1

    Even if you expose your API key, you can configure the sever only to allow calls from your domain.

    • @shaunlobsinger
      @shaunlobsinger 3 года назад

      I’d be careful as some services may not offer that. If you’ve ever exposed your API key assume it is not safe anymore and reissue it from whatever service your using.

  • @williamkmp9998
    @williamkmp9998 3 года назад +3

    Hi thank you for this video it helped me A LOT, I'm just beginning to understand backend and API and I am wondering aren't malicious people can still make request and use the api key by inspecting the frontend code, find the url to the backend and then do many request to the server? I'm having trouble trying to work this out thank you. Sorry for my broken english I'm not too fluent.

    • @aniakubow
      @aniakubow  3 года назад +3

      Wonderful question - there are other steps you can do to increase security like request limiting, making sure the API is only used with your domain - I can make a video about this too / not just hiding your API key :)

    • @williamkmp9998
      @williamkmp9998 3 года назад

      thank you so much this is so helpful.

  • @LaFCueva
    @LaFCueva 2 года назад

    Thank you so much!!!! This was super useful!

  • @andreifish6818
    @andreifish6818 3 года назад

    With this approach you are creating a server, without any auth, which leads to: consumer, who knows the url of the service, may use this API to request data, which you are encapsulating. (Which apparently doesn't really fix the issue, but adding you a bit more cost to host this server. Plus you are making it easier).
    It can help only if you are hosting both client and server on the same isolated instance, but this may look like an overhead.
    You may create an interceptors on the instance, which will wrap your specific requests with data you need.
    For e.g. AWS Cloudfront has that functionality OOTB, but if you are creating an instance without any cloud services - you can do that even by system utils.
    Maybe I've missed something, anyway, thanks for highlighting this problem 👍

    • @aniakubow
      @aniakubow  3 года назад +3

      This video is just for keeping the API key safe as per the title :) - if you would like a video about auth or request limiting etc I can make a video on that :) I find just tackling one frequently googled question per video is a good format to have, but maybe I am wrong - who knows

  • @losVamonos
    @losVamonos 11 месяцев назад

    Hi Ania, do you have an updated way of creating a proxy server to keep API keys secure?

  • @eduardoranierosilva
    @eduardoranierosilva 2 года назад

    once again, thank you so much!

  • @mofe620
    @mofe620 2 года назад +1

    Thanks a lot for this

  • @galibhossan15
    @galibhossan15 Год назад

    can you make another tutorial with this project for deploy it with firbase and github? or any documentation for it?

  • @tamilprogrammer
    @tamilprogrammer 2 года назад

    Your thumbnail font is awesome... What font are you using?

  • @Deadragonbone
    @Deadragonbone 2 года назад +1

    I want to thank you. You make programming popular amount women 👏

  • @MattElisa97
    @MattElisa97 3 года назад +1

    Yes !!! 🤙🏽🤙🏽 i'll be there !

  • @vadimbondaruk8133
    @vadimbondaruk8133 2 года назад

    It would be cool if you will provide tutorial how to deploy this app

  • @cyberpunkdarren
    @cyberpunkdarren 3 года назад

    Good stuff A!

    • @cyberpunkdarren
      @cyberpunkdarren 3 года назад

      @Code with Ania kubó You're phone is hacked btw

    • @aniakubow
      @aniakubow  3 года назад +1

      @@cyberpunkdarren so many bots! I have now reported and blocked :)

  • @xclidongbo
    @xclidongbo 3 года назад

    讲得非常好。

  • @marianareissilveira
    @marianareissilveira 2 года назад

    Great video Ania!
    I was wondering, how can I use this method to hide my keys in React Native? Would that be the same thing?
    Thanks

  • @noorsh
    @noorsh 3 года назад +1

    Hello Ania. Thanks a lot for your time and this tutorial! I have a question about the deployment. How to deploy the backend without it being revealed? Thanks again

    • @LeedleLeedle2212
      @LeedleLeedle2212 3 года назад

      Create environment variables with the service you’re using to deploy your code. I’ve done this with Heroku, I’m sure it is possible with other services too.

    • @priopambudi9533
      @priopambudi9533 3 года назад

      @@LeedleLeedle2212 Do you have any suggestion video tutorial for this?

    • @LeedleLeedle2212
      @LeedleLeedle2212 3 года назад

      @@priopambudi9533 the 30:00 minute mark of this video can help.
      ruclips.net/video/ZGymN8aFsv4/видео.html

    • @priopambudi9533
      @priopambudi9533 3 года назад +1

      @@LeedleLeedle2212 Thats amazing. Thank you so much. You're the best!

  • @natnaelamanuel
    @natnaelamanuel 3 года назад +1

    Would have loved an angular version of this too. Would it be the same?

    • @tronixmobile
      @tronixmobile 3 года назад +5

      It's pretty easy. Never insert an API key in your frontend Javascript! You can use a backend proxy or an API gateway.

    • @natnaelamanuel
      @natnaelamanuel 3 года назад

      @@tronixmobile thanks for the info 👍 🙏 😀

  • @ryanborgy
    @ryanborgy Год назад

    How does this help? I mean what prevents someone from just calling that backend endpoint and using the token? Is there any authorization on the backend API?

  • @sahartal9503
    @sahartal9503 3 года назад

    Good One, thanks!

  • @FuzzyDunlopification
    @FuzzyDunlopification Год назад

    My understanding is that React will bundle your .env file during the build process regardless so either way the key is exposed?

  • @netsaosa4973
    @netsaosa4973 Год назад

    Thanks, I got confused on the whole parameter thing. My API call doesn't use queries so I had to pass my front-end parameter as the useState array and declare it in expressjs as const stateThing = req.query.stateThing

  • @stoyankoychev102
    @stoyankoychev102 2 года назад

    Amazing, but how you deploy it?

  • @errinwright
    @errinwright 2 года назад

    Thank you you are amazing!!

  • @fanegantosin2973
    @fanegantosin2973 3 года назад

    Love you Ania

    • @fanegantosin2973
      @fanegantosin2973 3 года назад

      @Code with Ania kubó thanks I get in touch with you via WhatsApp anytime I have coding issue

    • @aniakubow
      @aniakubow  3 года назад +1

      @@fanegantosin2973 Careful, that is a bot impersonating me - I have now blocked them and reported :)

    • @fanegantosin2973
      @fanegantosin2973 3 года назад

      @@aniakubow thanks about that, please do make more tutorial on how to fetch API

  • @sevsol88
    @sevsol88 3 года назад +1

    Is the lack of semicolons on your code a stylistic thing or is it recommended or something??

  • @daniellukonis
    @daniellukonis 3 года назад

    Thank you for this!

    • @daniellukonis
      @daniellukonis 3 года назад

      Hi Ania, do you have any tips or resources for promoting APIs? I am working on one and think it could be very useful to a lot of people. thx!

  • @BALAJIM-rt5fy
    @BALAJIM-rt5fy Год назад

    its working perfectly in local but i need to depolye in iis so i need to build the application on that case what should i do with index.js and so fetching url of backend nodeserver url ?

  • @CottonInDerTube
    @CottonInDerTube 3 года назад

    1) ppl calling your page will increase the api calls
    2) ppl calling your backend directly will increase the api calls

  • @GeMiniS10000
    @GeMiniS10000 2 года назад

    Gracias, so good

  • @becauro
    @becauro 3 года назад

    Awesome!

  • @gorimor
    @gorimor 3 года назад

    Awesome thanks.

  • @OliverK-XY99
    @OliverK-XY99 3 года назад

    Haha I love that thumbnail.

  • @softtech3172
    @softtech3172 2 года назад

    thank you so much

  • @lavishly
    @lavishly 3 года назад

    Can you mention how to do it in Cordova and Ionic too when you release?

  • @matheussoares1138
    @matheussoares1138 2 года назад

    Thanks!!

  • @Tech_Wes_
    @Tech_Wes_ 5 месяцев назад

    @10:23 where you configure the configuration for your run commands, how do i configure that in vscode? I've tried researching, but I can't figure out how to get the edit configuration screen to pop up like yours and edit the run command? Thank you for the tutorial!

    • @aniakubow
      @aniakubow  5 месяцев назад +1

      Hello! I am using Webstorm for this so it’s different than vscode :). But you can just edit the npm run command in the package.json file also, and run the command in the terminal. Does that make sense ?

    • @Tech_Wes_
      @Tech_Wes_ 5 месяцев назад

      @@aniakubow Ahh thank you for the quick response, i really appreciate it. Yeah, I ran npm start:front end and it seemed to work. Took me a bit of configuring, but my imdb api is looking real nice. Thanks again!

  • @rishavrungta
    @rishavrungta 2 года назад +1

    Whats stopping someone to use this endpoint and get the value at my expense?

  • @nickbee123456
    @nickbee123456 Месяц назад

    I’m so confused. What’s stopping a bad actor from just calling your backend lots and running up your API charges?

  • @stevenoketch6950
    @stevenoketch6950 2 года назад

    Nice info

  • @saeidghorbani4388
    @saeidghorbani4388 Год назад

    thank you

  • @programmersohel
    @programmersohel Месяц назад

    Next.js is the best option to resolve the issue.

  • @zombaju
    @zombaju 2 года назад

    Hi, I use Firebase for work and unfortunately those values that I "hide" in .env are visible in some operations in the browser console. I don't know if this is normal in Firebase?

  • @Vlad_666
    @Vlad_666 3 года назад +1

    in short answer use your own proxy, where you store all api keys

  • @cloud_c5222
    @cloud_c5222 3 года назад

    This is mind boggling

  • @jianiliu6701
    @jianiliu6701 2 года назад

    Followed you along, but keep getting this error, TypeError: Cannot read property '5. Exchange Rate' of undefined...