I want to encrypt my API data so that the user can’t see it in the network tab or as plaintext in something like the
The way I’m doing this now:
- encrypt data in back-end with a secret string (like a password)
- send encrypted data to front-end
- decrypt it on client-side (using the same password as in the back-end)
Although the function is obfuscated, it is possible the reverse engineer it. And since the password is stored within the function (it has to be, right? Since I don’t have the process.env variables on the client-side) everyone can(theoretically) scrape my data.
What is the best way to prevent this?
I know that the data is visible eventually in the browser. I just don’t want it the be visible in plaintext.
I’m using express in the back-end and NuxtJS in the front-end by the way.