Showing results for 
Search instead for 
Did you mean: 

Search API for client side using signature

0 Kudos


In reference to article for making a client site call for, we need to construct a signature that can be passed the request in order to authorize that request.

As per the article partner's secret key should be used to construct the signature.

Is keeping partner's secret at client side not a security issue? As anyone can pull the secret key from the app or client page and can make unwanted calls.

Accepted Solutions (0)

Answers (1)

Answers (1)

The secret key should never be exposed to the client-side and whilst using can be used from the client-side using a constructed signature, the signature should be constructed via a secure method on the server-side so the secret key is never exposed client-side.