I have 3 frontend apps that point to one API (Express). Currently I generated 3 unique keys for each app for me to validate the API calls from the frontend apps. Since they rarely change, is it okay if I store them as a JSON file on the API server?
Currently, it is stored as text. I am wondering if I need to encrypt it?
CodePudding user response:
Storing the keys in a JSON file on the API server would be a reasonable approach, as long as the server is secured and the file is not accessible to unauthorized users. However, it would be more secure to store the keys in a secure location, such as an environment variable or a secure key management service, to minimize the risk of the keys being compromised. Additionally, you should consider rotating the keys regularly to further enhance security.
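One way to apply the answer's suggestions (keys read from environment variables, with room for rotation), as an added example that is not part of the original answer. The variable names `API_KEYS_APP1` to `API_KEYS_APP3`, the `x-api-key` header and the `clientApp` property are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed layout: API_KEYS_<APP> holds a comma-separated list of keys, so a new
// key can be deployed alongside the old one and the old one removed later.
const APPS = ['APP1', 'APP2', 'APP3'];

// Hashing gives fixed-length buffers, which timingSafeEqual requires.
function sha256(s) {
  return crypto.createHash('sha256').update(s, 'utf8').digest();
}

// Build the lookup table once at startup; only digests stay in memory.
function loadKeys(env = process.env) {
  const table = [];
  for (const app of APPS) {
    const raw = env[`API_KEYS_${app}`] || '';
    for (const key of raw.split(',').map((k) => k.trim()).filter(Boolean)) {
      table.push({ app, digest: sha256(key) });
    }
  }
  return table;
}

// Returns the app name for a presented key, or null. Every entry is compared
// in constant time, and an empty table rejects everything (fail closed).
function identifyApp(table, presented) {
  if (typeof presented !== 'string' || presented.length === 0) return null;
  const digest = sha256(presented);
  let match = null;
  for (const entry of table) {
    if (crypto.timingSafeEqual(entry.digest, digest)) match = entry.app;
  }
  return match;
}

// Express-compatible middleware: app.use(apiKeyAuth(loadKeys()));
function apiKeyAuth(table) {
  return (req, res, next) => {
    const app = identifyApp(table, req.headers['x-api-key']);
    if (!app) return res.status(401).json({ error: 'invalid API key' });
    req.clientApp = app; // lets later handlers know which frontend called
    next();
  };
}
```

To rotate a key, add the new value to the app's list, redeploy the frontend with it, then remove the old value from the list.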