I'm working on an Angular 2 app and have faced a KEYS security issue.
It's necessary to use application-id and secret-key for REST requests: https://backendless.com/documentation/users/rest/users_requirements.htm
So in my case I need to keep these values in open view, and this is a security issue.
Anyone can get this data and execute something like this: http://prntscr.com/elfzvr
I've found several similar topics on the forum, but some of them are more than a year old, and I want to raise this question once more.
My app will be hosted on Heroku and all values (such as application-id and secret-key) will be there as environment vars.
For now I see several ways to fix this issue.
The first one:
1) Remove all keys from the front-end part.
2) Create a proxy server on Heroku.
3) Send all requests to this proxy (the application keys will be available there on the back-end side).
4) Send the real requests (with keys) from the proxy to Backendless.
But it's not a simple and fast option.
The second one:
1) http://prntscr.com/elh7f8 Set the host for domain control.
But it's quite simple to create a fake app locally with OpenServer and set the necessary URL there (for example), and get the necessary data.
Please correct me if I'm wrong in the description above.
Could you please suggest another way to prevent insecure behaviour with open keys?
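
The proxy described in the first option (steps 1 to 4), sketched as an added example that is not part of the original post and not Backendless's own code. The upstream base URL, the allowed routes, the forwarded headers and the environment variable names are assumptions; the `application-id` and `secret-key` header names follow the post.

```javascript
// Added example. Keys live only in the proxy's environment (e.g. Heroku config vars).
const UPSTREAM = 'https://api.backendless.com'; // assumption: upstream base URL
const ALLOWED = [ // assumption: the only routes this front end needs
  { method: 'POST', path: /^\/v1\/users\/login$/ },
  { method: 'GET', path: /^\/v1\/data\/[A-Za-z0-9_]+$/ },
];
const FORWARDED = ['content-type', 'user-token']; // assumption; all other client headers are dropped

// Decide whether an incoming request is forwarded and with which headers.
// Returns null for anything outside the allowlist.
function buildUpstreamRequest(incoming, env) {
  if (!env.BACKENDLESS_APP_ID || !env.BACKENDLESS_SECRET_KEY) {
    throw new Error('proxy is missing its key configuration');
  }
  // Parsing normalises "../" segments; only path and query are reused, never the host.
  const url = new URL(incoming.url, UPSTREAM);
  const ok = ALLOWED.some(r => r.method === incoming.method && r.path.test(url.pathname));
  if (!ok) return null;
  const headers = {};
  for (const name of FORWARDED) {
    if (incoming.headers[name] !== undefined) headers[name] = incoming.headers[name];
  }
  // Keys are injected server-side; client-supplied values were never copied.
  headers['application-id'] = env.BACKENDLESS_APP_ID;
  headers['secret-key'] = env.BACKENDLESS_SECRET_KEY;
  return { url: UPSTREAM + url.pathname + url.search, method: incoming.method, headers };
}

// Node http handler (uses global fetch, Node 18+).
async function handler(req, res) {
  try {
    const out = buildUpstreamRequest(req, process.env);
    if (!out) { res.writeHead(404); return res.end(); }
    const chunks = [];
    for await (const c of req) chunks.push(c);
    const body = out.method === 'GET' ? undefined : Buffer.concat(chunks);
    const up = await fetch(out.url, { method: out.method, headers: out.headers, body });
    res.writeHead(up.status, { 'content-type': up.headers.get('content-type') || 'application/json' });
    res.end(Buffer.from(await up.arrayBuffer()));
  } catch (err) {
    if (!res.headersSent) res.writeHead(502); // never echo error details or keys
    res.end();
  }
}

// Start only when the platform supplies PORT (Heroku does).
if (process.env.PORT) require('http').createServer(handler).listen(process.env.PORT);
```

The proxy keeps the keys out of the browser bundle, but it is still a public endpoint: the route allowlist and per-user authentication on the proxy are what limit what a caller can do through it.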