api key
Hey guys please how do i secure my supabase api key in my sveltekit website when i have to call it every time to insert data ?
5 Replies
The anon apikey is considered public info. You can't hide if using a browser.
so that means anyone can acces my database ?
You have to use RLS to protect it. All REST APIs are the same if you want to access from browser.
What if i use express ? I think it's much secure right ?
If you run the code from a server or some native apps then the user can’t see it. But if the browser ever gets used even for one call or your anon key is in a public repository then you still need RLS.