Solution retrospective
This project took much longer than I expected. I struggled with the APIs provided in the challenge’s README (most of them didn’t work), handling the fallback timezone, the layout, and some of the animations. In the end, I just wanted to get it finished. It definitely still needs some work, but for now, I’m calling it done.
Please log in to post a comment
Log in with GitHubCommunity feedback
- @kim-fransson
Hi!
I understand your feelings when things does not goes as planned, however there is one really important thing I need to point out, and that is that you are storing the api key on client side.
const quoteDataResponse = await fetch( "https://api.api-ninjas.com/v1/quotes", { headers: { "X-Api-Key": import.meta.env.VITE_QUOTES_API_KEY } } );When inspecting the network requests, I can see the key being sent directly, which poses a security risk, anyone can extract it and use it to make unauthorized requests to
https://api.api-ninjas.com.To mitigate this, it's important to treat API keys as sensitive information. They should be stored securely on the server side and accessed through a backend service. The frontend should then communicate with your backend, which can forward the request to the external API as needed. This keeps the API key hidden from end users and helps prevent misuse.
Since you're using GitHub Pages, I understand there may not be a backend in place. One easy solution is to use a platform like vercel, which allows you to deploy serverless functions. You can create a simple API route there to act as a proxy between your frontend and the external API. This way, the API key is kept secure on the server side, and your frontend only talks to your own endpoint.
I like vercel, I use it a lot for different projects, it has a very generous free tier :D
All the best,
Kim
Marked as helpful
Join our Discord community
Join thousands of Frontend Mentor community members taking the challenges, sharing resources, helping each other, and chatting about all things front-end!
Join our Discord