Permissions and security for a blog server

Hello,

My use case is the following: I want to use two API endpoints and the database for storing and reading comments for blog posts; I want users to be able to leave comments after solving a captcha (= no login required). The blog itself is a web application running in the browser, so there is no way to keep anything secret.

I would not like anybody to write rubbish data to my data tables, but since the API key is not securely stored I am not sure this is possible?

Thanks,
Tamas

Hello @Tamas_Gyorfi

This is a great question, but let me split it into two questions:

  1. how to secure API_KEY

So, about the API_KEY: actually, you do not need to hide it; however, you need to configure Roles/Permissions (Security - Backendless SDK for JavaScript API Documentation).

  2. how to use reCaptcha with Backendless ("Using reCAPTCHA v3 with Node.js" by Sergei Sizov, Medium)

In order to verify reCaptcha you need to send the generated token along with the comment object to the server side (Business Logic) in the beforeCreate Event Handler. Take a look at this article, I believe you can find it helpful: "Using reCAPTCHA v3 with Node.js" by Sergei Sizov (Medium).

Regards, Vlad
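
The server-side check described in the answer above, as an added example that is not part of the original thread and is not Backendless or Google sample code. The field names `captchaToken`, `text` and `postId`, the action name, the hostname, the score threshold and the length limit are assumptions; the secret key is passed in from server-side configuration and never shipped to the browser.

```javascript
// Added example: checks a comment must pass before the server stores it.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
const EXPECTED_ACTION = 'comment';    // assumed action name set by the blog page
const EXPECTED_HOST = 'blog.example'; // placeholder for the blog's hostname
const MIN_SCORE = 0.5;                // assumed threshold, tune for your traffic
const MAX_TEXT_LENGTH = 2000;         // assumed limit

// Decide on the siteverify JSON; returns a rejection reason or null.
function rejectReason(verdict) {
  if (!verdict || verdict.success !== true) return 'captcha verification failed';
  if (verdict.action !== EXPECTED_ACTION) return 'captcha issued for another action';
  if (verdict.hostname !== EXPECTED_HOST) return 'captcha issued for another site';
  if (typeof verdict.score !== 'number' || verdict.score < MIN_SCORE) {
    return 'captcha score too low';
  }
  return null;
}

// Keep only the expected fields, so the token and any extra
// client-supplied properties never reach the data table.
function sanitizeComment(item) {
  const text = typeof item.text === 'string' ? item.text.trim() : '';
  if (text.length === 0 || text.length > MAX_TEXT_LENGTH) {
    throw new Error('invalid comment text');
  }
  if (typeof item.postId !== 'string' || item.postId.length === 0) {
    throw new Error('invalid post id');
  }
  return { postId: item.postId, text };
}

// Ask Google to verify the token; the secret key stays on the server.
async function verifyToken(token, secret, fetchImpl = globalThis.fetch) {
  if (typeof token !== 'string' || token.length === 0) return { success: false };
  const body = new URLSearchParams({ secret, response: token });
  const res = await fetchImpl(SITEVERIFY_URL, { method: 'POST', body });
  return res.json();
}

// Call this from the beforeCreate handler with the incoming comment object.
async function beforeCreateComment(item, secret, fetchImpl = globalThis.fetch) {
  const verdict = await verifyToken(item.captchaToken, secret, fetchImpl);
  const reason = rejectReason(verdict);
  if (reason) throw new Error(reason);
  return sanitizeComment(item);
}
```

Checking `action` and `hostname` as well as `success` stops a token minted for a different form or site from being replayed against the comment endpoint.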