I would like to add search for flickr images. I’ve installed https://www.npmjs.com/package/flickrapi with npm install flickrapi --save. I have api key and secret from Flickr.
How do I access it in meteor?
Do I keep the code for “No authentication, public API only” on the server, client or both?
(I use Blaze)
I haven’t used this package, but speaking generally, you would store credentials for an authenticated API on the server only (and do server to API calls).
A quick scan through that npm package suggests that you are able to access the public API from the browser, but also says:
Note: this is not secure. People will be able to see your API key, and this is pretty much the worst idea™…
And goes on to cover the case where your client proxies calls to the API through the server. In Meteor this is really easy with call/method
and protects your credentials from the client.
Just a word of warning: don’t store your credentials in a public repo on github (or wherever)!
1 Like