How to secure your API Keys
In this guide, we will discuss how to protect your API Keys in production applications.
We will use thirdweb SDK v5 in guide and vercel as hosting
- Setup your
ThirdwebProvider
import { ThirdwebProvider } from "thirdweb/react"; function AppWithProvider() { return ( <ThirdwebProvider> <App /> </ThirdwebProvider> ); }
- Setup your
ConnectButton
withclientId
import { defineChain, createThirdwebClient } from "thirdweb"; const client = createThirdwebClient({ clientId: process.env.THIRDWEB_CLIENT_ID, }); <ConnectButton client={client} />
- Set Environment Variables
Head over to your vercel project’s dashboard, under project settings > Environment Variables, we will use THIRDWEB_CLIENT_ID
as the key & our thirdweb clientId
as the value
- The next step is to follow this guide and set up proper access restrictions for our clientId. We will use the domain Id restriction to only allow the
clientId
to be used on our website. - Domain IDs: A domain ID is used to restrict access to the enabled thirdweb infrastructure services based on a specific domain. It serves as an identifier for websites.
- Bundle IDs: A bundle ID is a unique identifier used to restrict the Client ID to your Unity native or mobile application.
That’s it! It is that simple and easy to secure your keys for your react/next applications
Can’t get this working? If you’ve followed the above and still have issues, contact our support team for help.
Did this answer your question?
😞
😐
🤩