consuming apigee api through oauth in aem application | Community
sreenu539
October 28, 2023
Solved


Hi,

I have an Apigee API endpoint which requires an API key and OAuth token to make a POST request from client library JS.

Could anyone share their experience on how to achieve this?

Where should I store the client ID / consumer key and consumer secret if I need to get an OAuth token first?

Thanks for any insights.

1 reply

sherinregi-1, Community Advisor (Accepted solution)
October 30, 2023

Hi @sreenu539

It's not recommended to store the client ID/secret on the client side because it can be easily exploited and extracted from dev tools.

My suggestion would be a two-step approach where you have a BE call a servlet that can in turn fetch you the OAuth token using the ID and secret stored in the BE. This token can be stored on the client side based on the expiration time and can be used to make the Apigee request.

On the Apigee side you can configure a rate limit to ensure you are not getting too many requests, and also restrict the endpoint usage to a certain domain, probably your website, to make sure invalid requests are blocked.

Hope it helps
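
The client half of the two-step approach in the accepted answer, as an added example that is not part of the original thread: the clientlib JS asks a backend servlet for the token, holds it in memory until shortly before it expires, and sends it to Apigee as a Bearer token. The servlet path, the Apigee URL, and the `{ access_token, expires_in }` response shape are assumptions; the client ID and secret never appear in this code.

```javascript
// Added example. All names, paths and URLs below are assumptions, not from the thread.
const TOKEN_SERVLET = "/bin/example/apigee-token";       // hypothetical AEM servlet path
const APIGEE_URL = "https://api.example.com/v1/orders";  // placeholder Apigee proxy URL
const SKEW_MS = 30000; // refresh 30 s before the stated expiry

// fetchFn is injectable so the logic can be exercised without a network;
// in the browser pass window.fetch.bind(window).
function createApigeeClient(fetchFn, now = () => Date.now()) {
  let cached = null;   // { token, expiresAt }, kept in memory only (not localStorage)
  let inFlight = null; // shared promise so parallel callers cause one servlet call

  async function getToken() {
    if (cached && now() < cached.expiresAt - SKEW_MS) return cached.token;
    if (!inFlight) {
      inFlight = (async () => {
        // Same-origin call: the servlet holds the client ID/secret server-side.
        const res = await fetchFn(TOKEN_SERVLET, { credentials: "same-origin" });
        if (!res.ok) throw new Error(`token servlet returned ${res.status}`);
        const body = await res.json(); // assumed shape: { access_token, expires_in }
        cached = { token: body.access_token, expiresAt: now() + body.expires_in * 1000 };
        return cached.token;
      })().finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  async function post(payload, retry = true) {
    const token = await getToken();
    const res = await fetchFn(APIGEE_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
      body: JSON.stringify(payload),
    });
    if (res.status === 401 && retry) { // token rejected early: drop it and retry once
      cached = null;
      return post(payload, false);
    }
    return res;
  }

  return { getToken, post };
}
```
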