How to Hide API keys?

Why should we hide API keys?

Most of the time, when we build a web application or mobile app, we use third-party APIs to save time and make the site more efficient. But by embedding an API key in your app or web application, you link every request the app makes back to your developer's billing account. Since .apk files are easy to reverse engineer, an attacker could conceivably extract your API key, use it in their own app, and you'd get the bill.


How to hide an API key?

  1. Install the dotenv module, which loads environment variables from a .env file into process.env.
    - npm install dotenv
  2. In your app.js file, require the dotenv module and call config().
    - require("dotenv").config();
  3. Create a new file named .env in the working directory and put your API key inside it as follows:
    - API_KEY=34386585
  4. In app.js, read your API_KEY (loaded from the .env file) as follows:
    - const apikey = process.env.API_KEY;
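
An added example (not from the original post) of checks worth running around step 4: stop at startup if API_KEY is missing, keep the full key out of logs, and confirm .env is excluded from Git. The helper names requireApiKey, redact and envFileIsIgnored and the sample inputs are assumptions made for illustration; the .gitignore check is simplified and covers only the common spellings.

```javascript
// Added example: startup checks around the API_KEY read in step 4.
// requireApiKey, redact and envFileIsIgnored are hypothetical helper names.

// Fail fast when the key is absent or blank instead of sending
// unauthenticated requests later.
function requireApiKey(env) {
  const raw = env.API_KEY;
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error("API_KEY is not set; add it to .env or the process environment");
  }
  return raw.trim();
}

// Show only the last two characters so logs never contain the full key.
function redact(key) {
  if (key.length <= 4) return "*".repeat(key.length);
  return "*".repeat(key.length - 2) + key.slice(-2);
}

// True when the .gitignore text excludes the .env file from commits.
// Simplified: exact-match rules only; a later "!.env" line re-includes the file.
function envFileIsIgnored(gitignoreText) {
  let ignored = false;
  for (const line of gitignoreText.split(/\r?\n/)) {
    const rule = line.trim();
    if (rule === "" || rule.startsWith("#")) continue;
    if ([".env", "/.env", ".env*"].includes(rule)) ignored = true;
    if (["!.env", "!/.env"].includes(rule)) ignored = false;
  }
  return ignored;
}

// Constructed sample inputs (the key is the placeholder value from step 3).
// In app.js you would pass process.env after require("dotenv").config().
const sampleEnv = { API_KEY: " 34386585 " };
const sampleGitignore = "node_modules/\n# secrets\n.env\n";

const apikey = requireApiKey(sampleEnv);
console.log("API key loaded:", redact(apikey));
console.log(".env ignored by git:", envFileIsIgnored(sampleGitignore));
```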
