Hello Marvin,
Thank you for contacting Apryse Forums.
As mentioned in this forum post, there is no way to hide code from the client. Users can see everything sent from the server. Since users can see everything, there is only so much that can be done, namely obfuscation. This is not something Apryse can change as this is how the web works.
> Do we need to have the license key as a secret variable or is it safe to put the key as a plain string inside the JavaScript Code?
We don’t require any further protection of the key other than passing it into the WebViewer constructor, but if you want to make it difficult for other users to see your key, you can try obfuscating it.
Here are some ways to make it harder to find such as using window.btoa to encode the license key and using window.atob to decode it before passing it into the WebViewer constructor. Then uglify and minify the output script so it is harder to read.
// some other js file
window.zfeg48 = ‘bGljZW5zZSBrZXk=’; // randomly named global variable = btoa(‘license key’)
// main.js
WebViewer({
licenseKey: atob(window.zfeg48),
…
}, viewerElement);
You could make the process as difficult and convoluted as possible to deter prying eyes (ex. multiple minified files; each putting together a part of options object before passing into WebViewer). However, it will be accessible during the exchange.
Best Regards,
Darian