Web3 API where API KEY

If I use the Moralis Web3 API through the JS SDK do I need to define the API Key somewhere? And if I use the Rest API directly?

If you use REST API directly then you have to define the API Key, if you use Moralis SDK you don’t have to define it.

Hmm, that’s what I thought but how does this work, I’m confused, so the JS lib doesn’t communicate with the REST endpoints directly and maybe with the server and then the server with the REST API? I don’t get it.

Yes, the request from Moralis SDK JS lib communicates with your Moralis Server and not directly with with REST endpoints.

OK, now I found it, here are the functions being called:
const response = await http.post(/functions/${name}, options, {

But how is this communication protected? I mean, I must start Moralis with my server url and app ID and thus hardcode this in my code, so anyone could extract this and then send requests to the moralis server in my product’s name?

1 Like

I think that I understand now what you want to say, I think that someone could make some API queries using your server if he really wanted to do that. How would you want to protect in this case? Those requests are also being used by your application users, and you would want for your users to be able to make those requests.

I think that the security part of my question is for another topic, I must think further on it because I don’t remember exactly now a past proyect, but there was something about avoiding to store in the product the api key, etc. and instead retrieving those from the server somehow, I will come up with it when I know it exactly.
Going back to the original question, is there a difference in calling the REST API directly and using the SDK provided functions? Because I’m used to work with a code that I already have to fetch REST APIs and was wondering if there would be cons or pros in using the rest API directly on the client instead of the sdk functions?

For the REST api you have to provide the API key, and it is not recommended to save that API key in the front end. And from JavaScript front end it is easier to use the SDK provided functions. If you run that on backend then you can use the REST api without any problems, from any programming language.

1 Like