Forum Discussion
Protecting Sensitive Data inside Storyline
Hi,
We've been creating some pretty great things using Javascript and APIs in Storyline, but we would like to be able to secure some of that information - e.g. API Keys and the Javascript code. To prevent unnecessary editing or leaking of this information.
Is there a way we can allow people access to the story file, but restrict access to the javascript?
Thanks
- Seb-DaubertCommunity Member
Hi, using a js obfuscator as Nathan says is a good idea, it doesn't prevent reverse engineering but it's a good start, the api key can be stored directly in a Storyline variable and called by javascript, encoding the api key in base 64 or with another method can also be an idea.
In any case, it limits the users likely to find the API key... - Nathan_HilliardCommunity Member
You can minimize your JavaScript, and you can obfuscate it, but since it runs on the client you can't really do more than make it inconvenient for a user to view it. Most of whatever you might do can be undone well enough to piece it back together if someone is determined. If you were to place your sensitive information into a server-side script (like PHP) that remains hidden from the client, then that would provide protection but any JavaScript will be exposed.
- JakeHurtCommunity Member
What do you mean by minimizing the Javascript?
I do understand, I did think that might be the case that its always gonna be able to be seen.
I need to figure out how to hide API keys though.- Nathan_HilliardCommunity Member
As for your API keys: Not sure what you're doing but often data or files that will be processed by some service that requires a key get uploaded to a server, which then re-uploads them to the outside service using your (then inaccessible) keys. The processed files or data are then returned to the client browser (as a downloadable link, or directly transferred as data).