I'm working with the Apple Music MusicKit JS API.
MusicKit is a front-end JS library that requires using the developer token in the front end to configure the MusicKit instance and get a user token.
I am attempting to create a web app utilizing MusicKit and I want to hide the developer token from users as it is sensitive data. I've noticed sending the token to the backend or bringing it into the front end from the backend causes it to show up in the network tab.
How can I set up my app in a way that I can utilize the developer token to get a user token but keep it hidden from users?
Use HTTPS: Imagine the envelope is secure, and only the receiver can open it. When you send your token, do it over HTTPS. It's like a secure envelope for your data.
Don't Display in URLs: It's like shouting your secret on the street. Instead of putting the token in the URL, send it in the request body or headers. It's like putting the secret inside the sealed envelope.
Encrypt if Possible: Encrypting is like writing the secret in a secret code. If your backend and frontend support it, encrypt the token so even if someone intercepts it, they can't understand it.
Use Environment Variables: Think of these like hiding your secret in a locked box. Store your token in a secure place on your server, like environment variables. Your code can access it without displaying it in the open.
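An added example, not part of the original answer or Apple's code, that goes a step beyond the environment-variable advice: since MusicKit has to be configured with the developer token in the browser, the server keeps only the signing key private and issues short-lived tokens in a POST response body. The claim names (`kid`, `iss`, `iat`, `exp`, `origin`) are taken as an assumption from Apple's developer-token format; the key ID, team ID, origin and function names are placeholders.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Mint a short-lived ES256 JWT. The private key never leaves the server.
function mintDeveloperToken({ privateKeyPem, keyId, teamId, origins, ttlSeconds = 900 }) {
  if (!(ttlSeconds > 0 && ttlSeconds <= 3600)) throw new RangeError('ttlSeconds must be 1..3600');
  const iat = Math.floor(Date.now() / 1000);
  const header = { alg: 'ES256', kid: keyId };
  // `origin` (assumed from Apple's token format) limits which sites can use the token.
  const payload = { iss: teamId, iat, exp: iat + ttlSeconds, origin: origins };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), {
    key: privateKeyPem,
    dsaEncoding: 'ieee-p1363', // JWS expects raw r||s, not DER
  });
  return `${signingInput}.${b64url(signature)}`;
}

// Framework-neutral handler: the token travels in the response body, never in a URL.
function handleTokenRequest({ method, headers }, config) {
  if (method !== 'POST') return { status: 405, headers: { Allow: 'POST' }, body: '' };
  if (!config.origins.includes(headers.origin)) return { status: 403, headers: {}, body: '' };
  return {
    status: 200,
    headers: { 'Content-Type': 'application/json', 'Cache-Control': 'no-store' },
    body: JSON.stringify({ token: mintDeveloperToken(config) }),
  };
}

// Constructed demo values so the example runs offline. In production the PEM
// is read from a server-side environment variable instead of being generated.
const demoKeys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const DEMO_CONFIG = {
  privateKeyPem: demoKeys.privateKey.export({ type: 'pkcs8', format: 'pem' }),
  keyId: 'KEYID_PLACEHOLDER',
  teamId: 'TEAMID_PLACEHOLDER',
  origins: ['https://app.example'],
};

const demo = handleTokenRequest(
  { method: 'POST', headers: { origin: 'https://app.example' } }, DEMO_CONFIG);
console.log(demo.status, JSON.parse(demo.body).token.split('.').length, 'JWT segments');
```

The token still appears in the network tab; what this design limits is how long a copied token works and from which origins. The `Origin` check only filters browsers, so the endpoint should also sit behind the app's normal session check and rate limiting.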