No announcement yet.

Hiding API key (AJAX, SOAP, API Advanced)

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hiding API key (AJAX, SOAP, API Advanced)

    I want to use AJAX to insert data from our database.

    I assume I can write a *.js to call the SOAP Advanced API, then insert AJAX directly into a template page which sends the SQL statement to the .js and returns the xml from the SOAP.

    Hopefully this will work - but what about the API key? Anyone would be able to read it with browser dev tools and have full access to the database.

    Any help would be appreciated.

    Thank you,


  • #2

    I'm thinking you might just want someone else to say this is a bad idea.. so I'll be the one. Never put sensitive data like this client side. You're asking for trouble. If you want to do something custom, it's best to write a thin web service and host it on a cheap server (digital ocean starts at $5/mo). Let the service deal with the 3dcart side. Your ajax can interact with the service.

    If necessary, hire someone who knows what they are doing for the parts you don't understand. It's better to pay upfront and know your system is done right to have someone with malicious intent show you otherwise and cost you potentially thousands in damages, downtime, and lost revenue.