If I use the REST API plugin in Weweb, are the API keys secured?
If not, what’s the best alternative?
From what I understand, as long as the key is passed as a header inside the plugin editor, it’s secure. But if you’re storing the API key as a variable (which is exposed upon page load) or the API key is in the API URL you are calling (such as a parameter), then it would be exposed.
Here is a great Security 101 video that WeWeb published just a couple weeks ago that has more on this: Build secure web-apps with no-code tools - YouTube
No. You need to keep sensitive keys in and make the calls calls from your backend.