cancel
Showing results for 
Search instead for 
Did you mean: 

Search API for client side using signature

sachinsaxena_1
Explorer
0 Kudos

Hi,

In reference to article https://help.sap.com/viewer/8b8d6fffe113457094a17701f63e3d6a/GIGYA/en-US/414dfd8070b21014bbc5a10ce40... for making a client site call for accounts.search, we need to construct a signature that can be passed the request in order to authorize that request.

As per the article partner's secret key should be used to construct the signature.

Is keeping partner's secret at client side not a security issue? As anyone can pull the secret key from the app or client page and can make unwanted calls.

Accepted Solutions (0)

Answers (1)

Answers (1)

The secret key should never be exposed to the client-side and whilst using accounts.search can be used from the client-side using a constructed signature, the signature should be constructed via a secure method on the server-side so the secret key is never exposed client-side.