Forum Discussion
How to implement "Manage blobs with JavaScript v12 SDK in a browser" with private SAS tokens?
Hi there,
I am currently implementing the "Quickstart: Manage blobs with JavaScript v12 SDK in a browser" application from this documentation:
https://docs.microsoft.com/en-us/azure/storage/blobs/quickstart-blobs-javascript-browser
I have built the project fine, and everything is working in the browser as the tutorial outlines however I am running into an issue when it comes to obscuring the API Keys. When parcel bundles the project together the full API Keys can be accessed by looking in the source files.
My inclination is that I should not be using API Keys in browser-based application due to the security concerns, instead having an API endpoint which the application can call and return a Shared Access Signature (SAS) token.
The only issue is that I cannot find this as solution anywhere in the documentation, does anyone know of any solutions to this problem?