I’m looking at progressier to convert my web app into a pwa with some notification capabilities. However, I’m nervous about entering my API key into the plugin. Is this a legitimate concern?
Your key is safe if the plugin author set it up correctly as a private key. Bubble encrypts keys marked as ‘private’ on the server-side and they are never exposed to the user’s browser.
You can verify the key isn’t being sent to the front-end by checking the network requests in your browser’s developer tools. There you can see every api call you make, if the key is public you can see it there and that would be an issue. If not then its fine
But normally plugin developers keep these private. If you like i can audit you app
Thanks for the reply; however, I misunderstood the plugin. They are asking for a progressier api key that’s provided when you sign up an account on their site.
@progressier I think it would ease customer concerns if. you named that input “Progressier API Key” because that’s unclear, and I almost moved on from the plugin.