Support direct requests from the browser
oliverbarnes opened this issue · comments
In requests straight from javascript in the frontend, the consumer app server would be bypassed. In this case the key will be visible in the javascript source.
So supporting direct javascript requests will be more involved. One reference implementation is Stripe publishable keys
Originally posted in #2 (comment)
Phoenix has built-in token generation: https://hexdocs.pm/phoenix/Phoenix.Token.html
Thread on token auth with elixir: https://elixirforum.com/t/is-there-any-recommended-way-of-doing-api-authentication/5954/5