I'm doing a technical test for a company. I created a GitHub API token and used it in a fetch call (headers: Authorization), because without it I exceeded the fetch limit (20-30 calls a minute). Now I have to push my project to GitHub, so what should I do with the token? I know that it's personal, but without it the website crashes if the user calls fetch more than 20-30 times a minute. What should I do?

    const getPoPularProfile = async () => {
        // Search for users with more than 800 repos and more than 1000 followers
        const api_url = 'https://api.github.com/search/users?q=repos:%3E800+followers:%3E1000&page=1&per_page=10';
        const fetchProfile = await fetch(api_url, {
            headers: {
                // Placeholder for the personal access token
                Authorization: `token my token `
            }
        });
        const profile = await fetchProfile.json();
        setProfiles(profile.items);
    }

So that's the code; it gets called every time the user types something in the search bar. I know the GitHub API limit is like thousands per hour, but if you aren't calling fetch at the same intervals, it's like 10-15 calls per minute, and 20-30 calls per minute if using a GitHub token. That's why I am using a token and the setTimeout function to avoid calling fetch more than 20 times per minute.
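
    if (searchValue !== '') {
        setShow(true);
        setSpinner(true);
        // Wait 2.2 s before sending the search request
        const timer = setTimeout(() => {
            getSearchedProfile(searchValue);
        }, 2200);
        // Cancel the pending request if this runs again first
        return () => clearTimeout(timer);
    }
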
And if I don't push the token with the project and someone clones my code from GitHub and hosts it, the site will crash because of exceeded limits.
Your code should read this key as an environment variable or via a secrets manager (e.g. AWS) or similar. It should not be hard-coded.
Other users of the code should get their own key, or a valid key by logging into GitHub. You can offer to communicate the key to them via email as a convenience.
Even if they have a private repo, it is frowned upon to commit the key to the repo.
Finally, the key must only be used on the server side. If the key is used in a public-facing client-side webpage, then you've shared it with anyone who cares to take a few clicks and look at the network traffic from that webpage. I hope your code talks to your private API, and that API uses the key to communicate with the 3rd-party service.
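
The arrangement this answer describes, as an added example that is not part of the original post: a server-side handler that reads the token from an environment variable and queries GitHub on the browser's behalf, so the token never appears in the repository or in client network traffic. The variable name `GITHUB_TOKEN`, the route `/api/search` and the function names are assumptions.

```javascript
// Added example, not the poster's code. Runs on the server (Node 18+).
// GITHUB_TOKEN and /api/search are assumed names chosen for this sketch.

// Build the upstream request; the token comes from the environment, never from source.
function buildGithubRequest(query, env = process.env) {
  const token = env.GITHUB_TOKEN;
  if (!token) throw new Error('GITHUB_TOKEN is not set');
  const url = new URL('https://api.github.com/search/users');
  url.searchParams.set('q', query);
  url.searchParams.set('per_page', '10');
  return { url: url.toString(), headers: { Authorization: `token ${token}` } };
}

// Handler for the private API. The browser calls /api/search?q=... with no
// credentials; only this process ever sees the token.
function makeSearchHandler(fetchImpl = globalThis.fetch, env = process.env) {
  const json = { 'Content-Type': 'application/json' };
  return async function handler(req, res) {
    const { pathname, searchParams } = new URL(req.url, 'http://localhost');
    const q = (searchParams.get('q') || '').trim();
    if (req.method !== 'GET' || pathname !== '/api/search' || !q || q.length > 256) {
      res.writeHead(400, json);
      return res.end(JSON.stringify({ error: 'bad request' }));
    }
    try {
      const { url, headers } = buildGithubRequest(q, env);
      const upstream = await fetchImpl(url, { headers });
      const body = await upstream.json();
      // Forward only the status and the result items, not upstream headers.
      res.writeHead(upstream.status, json);
      res.end(JSON.stringify({ items: body.items || [] }));
    } catch (err) {
      // Generic message only: error details must not leak configuration.
      res.writeHead(502, json);
      res.end(JSON.stringify({ error: 'upstream unavailable' }));
    }
  };
}

// To serve it: require('http').createServer(makeSearchHandler()).listen(3000)
```

Anyone who clones the repository sets their own `GITHUB_TOKEN` before starting the server, and the client-side fetch points at `/api/search` without an Authorization header.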