How to encrypt/decrypt API data with express and nuxtjs to prevent scraping?

  cryptography, express, javascript, nuxt.js

I want to encrypt my API data so that the user can’t see it in the network tab or as plaintext in something like the window.__nuxt__ object.

The way I’m doing this now:

  1. encrypt data in back-end with a secret string (like a password)
  2. send encrypted data to front-end
  3. decrypt it on client-side (using the same password as in the back-end)

Here is the problem: The function that decrypts my data can be found by looking through the bundled JavaScript files in the Browser.

Although the function is obfuscated, it is possible the reverse engineer it. And since the password is stored within the function (it has to be, right? Since I don’t have the process.env variables on the client-side) everyone can(theoretically) scrape my data.

What is the best way to prevent this?

I know that the data is visible eventually in the browser. I just don’t want it the be visible in plaintext.

I’m using express in the back-end and NuxtJS in the front-end by the way.

Source: Ask Javascript Questions

LEAVE A COMMENT