Locking API calls from frontend and hide api url and key

delillonicola · June 3, 2025, 3:49pm

What is the name of the domain?

api

What is the issue you’re encountering

My frontend calls an API on render for a calculation base on user input, and writes the form on a supabase database. At the moment the API in render is exposed publicly, while the supabase insert happens via edge function, but API key is exposed in the JS browser. How I do hide the two apis call? Should I use worker? What is Zero Trust functionality?

Was the site working with SSL prior to adding it to Cloudflare?

No

What is the current SSL/TLS setting?

Flexible

system · June 18, 2025, 3:50pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Let only my domain access my api SSL / TLS	2	2818	March 28, 2021
Tips for secure API Access	1	2132	April 1, 2021
How can we protect our web api-service? SSL / TLS dash-troubleshooting	12	4055	April 19, 2019
Zero Trust - access api on a different domain, protected by zero trust Access	3	1604	October 27, 2022
Cloudflare Access Applications not able to communicate Access	3	1670	May 21, 2022

Locking API calls from frontend and hide api url and key

What is the name of the domain?

What is the issue you’re encountering

Was the site working with SSL prior to adding it to Cloudflare?

What is the current SSL/TLS setting?

Related topics