Linked Questions

Popular Questions

I have a functioning WASM (Blazor) SPA and I want to add payments to it. Obviously this requires the use of secure API keys and so I don't think they should be stored in the App itself..

I am debating with myself and have a couple of choices. I can:

a. Run the payment process on a (say) Razor Page on the server and somehow, get the result back to the client. or

b. run the payment (JS drop-in) on the client, but go and get the API keys from the server as they are being used and delete them afterwards.

I am favouring b. but wondering if that is going to open up some massive security hole I am not aware of?

If I use a. I can get to a razor page on the server ok. But I think that will lose the application flow and not be a great user experience.

Which approach should I use? Thanks in advance

Related Questions