Initialize in PHP and then switch to Javascript?

Question

I don't like like revealing the secret key, despite the server side tools. I know the basics of PHP (codecademy course) but have not really used it, but it seems to me that I should be able to use PHP to initialize the APP42 connection, and then do the rest of the code in javascript, or at least use a little PHP so that the user does not get the secret key. Any help would be apprecaited. Thanks in advance

Answer 1

Hi Chance,

Greetings for the day!!!

Putting a secret key inside the code is not an issue, the main keys are API Key and Admin key (if you have created an ACL app). Because if you embedded the API & Admin key inside your code, then any programmer can see those credentials by debugging your source code and that's why we provide 2 level security for app data:

• Method Authorization 
• Object level authentication ( ACL)

Also, the server side tools help you in a different way because you can embed the admin key inside your custom code and you can take further action on the top of all services and it will be on the server. Nobody can see your data or your credentials from it. 

Please go through this link for more details and let us know if you need any help while integrating it. 

We are happy to assist you. 

Regards,

Himanshu Sharma

Comments

Here's my concern. I'm a teacher. I teach coding. I also teach typing. I wrote a typing program for students to use which uses the Firebase system. I want to migrate here due to the limit of concurrent users firebase imposes. The drawback I see is if a student has the keys, they could write a program that would update their own save file, changing what levels they've passed. They would only need to write to their own account. I don't see how to give students accounts that save their typing progress while also restricting their ability to write a program that will edit their save file program to true values for assessments. Does my concern make sense?