docs: adding protect keys faq #1044
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
avarobinson
requested review from
moldy530,
rthomare,
dancoombs,
mokok123 and
dphilipson
as code owners
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
rthomare
reviewed
Oct 10, 2024
|
|
||
| Protecting your Policy ID requires some custom work, but it’s similar to safeguarding any key on the backend. One solution is to use a proxy server that holds both the API key and Policy ID. In the frontend, when creating an Alchemy client, pass the proxy server URL as the RPC URL instead of a public Alchemy URL. | ||
|
|
||
| Additionally, you'll need to implement custom code on your proxy server to limit gas sponsorship requests. This could include rules that make sense for your app, such as limiting gas fees, restricting certain contract or method calls, or implementing limits based on IP addresses or CAPTCHA verification. |
There was a problem hiding this comment.
Do we have an example we can link people to?
There was a problem hiding this comment.
We have an old example from worth of words but might be more confusing than helpful since it's outdated versions. Wdyt?
There was a problem hiding this comment.
Agree with Ava that it doesn't make sense to link a code sample from an older version. I don't think we have a sample at the moment, but maybe when I get some time I'll update Worth of Words to use UI Components and then we can link it.
dphilipson
previously approved these changes
Oct 16, 2024
…orm/aa-sdk into ava/add-faq-protect
moldy530
approved these changes
Jan 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
yarn test)sitefolder, and guidelines for updating/adding docs can be found in the contribution guide)feat!: breaking change)yarn lint:check) and fix any issues? (yarn lint:write)PR-Codex overview
This PR adds a new section to the
faqs.mdxfile addressing the protection of API keys and Policy IDs in frontend applications. It emphasizes the importance of safeguarding these credentials and provides recommendations for securing them through backend routing and proxy servers.Detailed summary