4

everyone. I'm trying to create league of legend api, but I need to hide the api key. I know there is no way to hide the key from the front-end, so this is how I did it, I'm not sure this is the best way to do it. Please help me!! Thanks!

HTML.file

var getID = function(playerName) {
  $.ajax({
    type: "POST",
    url:"test.php",
    dataType:'json', 
        data: {'url': "api/lol/na/v1.4/summoner/by-name/"+playerName+"?"},
    success: function(data){
       playerID = data[playerName].id;
       console.log(playerID);
    }
  });
};

So every time I'm calling ajax, I'm making a ajax request to the test.php file, and pass the url to it, then the php code will use the url to get request from the game server and send back the result to front-end.

test.php

<?php 
  header('Content-Type: application/json');

  $url = $_POST['url']; 

  $json = file_get_contents('https://na.api.pvp.net/'.$url.'api_key=key');

  $obj = json_decode($json);
  echo json_encode($obj, JSON_PRETTY_PRINT);
?>
Improve this question
1
  • 1
    Looks good to me, as long as everything in $json is public. Otherwise you would have to unset some elements before you encode and return it. Commented May 26, 2015 at 17:17

1 Answer 1

Reset to default
2

As long as the Ajax request will only trigger for a valid, authenticated user with an established session this looks good. Otherwise, anyone could call it with arbitrary 'playerNames'.

It will definitely prevent your API key from being exposed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.