I’m trying to create a web app for my Discord server that uses a bot’s API to do stuff.
This API can only be accessed through a JS API wrapper (https://github.com/UnbelievaBoat/unb-api). However, obviously storing my key in JS means anyone can steal it and use it, which would be bad.
Based on other Stack Overflow posts, it seems as if the recommended solution is to pass the request through to PHP as it runs server-side and therefore can’t be accessed. However, I can’t do this as I can only use JS to access the API – so what do I do?
Is there any way to call a JS function server-side that cannot be seen client-side so people can’t access my key? Or is there another solution?