
How to make REST calls secure

I'm calling a webservice using the REST methodology using JSON/JS/jquery and am wondering if there is a way to call the webservice without exposing my API keys in the source code. Anyone know of a way to hide the API keys from the public and still make the call?

I'm worried that if someone goes through my source, they will be able to use my API key.

locoboy asked Jul 01 '11 20:07

1 Answer

You could delegate the calls to your own server, so instead of:

  1. Browser sends HTTP request to external REST API, with API key
  2. External REST API sends response to browser

you have

  1. Browser sends HTTP request to your server
  2. Your server sends HTTP request to external REST API, with API key
  3. External REST API sends response to your server
  4. Your server sends response to browser

I'm not sure that someone else "stealing" your API key is a huge problem, though, since API keys (Google, for example) are frequently associated with specific domains.

Matt Ball answered Sep 22 '22 12:09
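The four-step delegation described in the answer above, sketched as a small Node.js proxy. This is an added example, not part of the original answer; the upstream host `api.example.com`, the allowlisted paths and the `X-Api-Key` header name are placeholder assumptions, and the key is assumed to live in a server-side environment variable.

```javascript
// Added example: server-side proxy so the API key never reaches the browser.
// UPSTREAM, ALLOWED_PATHS and the X-Api-Key header are assumptions (placeholders).
const UPSTREAM = "https://api.example.com";
const ALLOWED_PATHS = new Set(["/v1/search", "/v1/items"]);

// Translate a browser request into the upstream request, or null if refused.
// Only allowlisted paths are forwarded, and the host always comes from UPSTREAM,
// so the proxy cannot be steered to other endpoints or hosts with your key.
function buildUpstreamRequest(method, rawUrl, apiKey) {
  if (method !== "GET") return null;
  const incoming = new URL(rawUrl, "http://localhost"); // base is only used for parsing
  if (!ALLOWED_PATHS.has(incoming.pathname)) return null;
  const target = new URL(incoming.pathname, UPSTREAM);
  for (const [k, v] of incoming.searchParams) {
    // Drop any key the client tries to supply; the server's key is the only one sent.
    if (k.toLowerCase() !== "key") target.searchParams.append(k, v);
  }
  return { url: target.href, headers: { "X-Api-Key": apiKey, Accept: "application/json" } };
}

// Request handler for http.createServer(); uses the global fetch in Node 18+.
function makeHandler(apiKey) {
  return async (req, res) => {
    const upstream = buildUpstreamRequest(req.method, req.url, apiKey);
    if (!upstream) { res.writeHead(404); return res.end(); }
    try {
      const r = await fetch(upstream.url, { headers: upstream.headers }); // steps 2 and 3
      res.writeHead(r.status, { "Content-Type": "application/json" });
      res.end(await r.text()); // step 4: only the response body goes back to the browser
    } catch (e) {
      res.writeHead(502); res.end(); // do not echo upstream errors to the client
    }
  };
}
// Start with: require("http").createServer(makeHandler(process.env.API_KEY)).listen(3000);
```

The proxy keeps the key out of the page source, but anyone who can reach the proxy can still spend your quota through it, so put your own session check or rate limiting in front of it.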