How do I make a server-side request in my client-side rendered React app?

About

Asked 10/7, 2020 at 11:57 Answered 10/7, 2020 at 15:33

I have a React app in which I need to make some API calls which include the API token in the request headers. I'm not concerned about rendering the whole app server-side as I don't care about SEO, performance etc., it's just a hobby app.

The only thing I want to do is make sure that the API calls are done server-side so that the authorisation header is not shown. Is there a way to implement this?

I've tried fetch and axios but they both show the headers in the Network tab.

I only really understand SSR and CSR at a basic level, so I'm not entirely sure if what I want is achievable, or whether server-side API calls require server-side rendering too.

Tradesman answered 10/7, 2020 at 11:57 Comment(8)

Seems like your API calls are post-client-render. Could you give us a glimpse of code? – Tweeddale 10/7, 2020 at 12:1

@Tweeddale for example, I have a save button which triggers a POST to my own backend to save user input on the page to the DB – Tradesman 10/7, 2020 at 12:5

Ah, there you go. That's not what SSR is really about. Have a read here: smashingmagazine.com/2020/07/… (What Is Server-Side Rendering? (SSR) paragraph) – Tweeddale 10/7, 2020 at 12:7

I don't want SSR, I just want server-side API calls in my client-side rendered app – Tradesman 10/7, 2020 at 12:8

All the interactions on your webpage/app will result with non-transparent calls. By non-transparent I mean visible in devtools – Tweeddale 10/7, 2020 at 12:11

So how does one make server-side API calls on a client-side rendered app? – Tradesman 10/7, 2020 at 12:25

You don't. Not when app already got rendered on client side – Tweeddale 10/7, 2020 at 12:26

This seems like a major disadvantage of a client side app. All the blogs seem to talk about is SEO but having API tokens exposed is pretty major... – Tradesman 10/7, 2020 at 13:2

If you are using a client side app, then its not possible to call a api without showing the Authorization header. However you can do one thing is, you can add a node server as a middleware in between you React app and the server. You will call the node server for API and the node will call the actual data server with authorization. In that case, user will not see the authorization key as it will be set by the node server rather than your react app

If youa re concern about security, you also enable **App key ** and App secret and keep them in node server and with every api call, add those **App key ** and App secret with your request.

Distefano answered 10/7, 2020 at 15:33 Comment(8)

Thanks for your answer, this looks like a good solution. What is the best middleware to use? – Tradesman 10/7, 2020 at 15:58

You can simply add a node server as a middleware. A stand alone NodeJs app. – Distefano 10/7, 2020 at 16:45

I don't understand what this means – Tradesman 10/7, 2020 at 16:49

As you are calling your API server, so in this solution, you will your node server. A stand alone node application which will just receive the API called by your React app and then it will call your API server with the authorization header and APP KEY and APP SECRET and eventually receive data from you API SERVER and send the data as a response to your React App. – Distefano 10/7, 2020 at 17:12

Also you can have a look at this boiler plate. This is actually what you can do github.com/monzoor/node-react-boilerplate Specially this one: github.com/monzoor/node-react-boilerplate/blob/master/server/… – Distefano 10/7, 2020 at 17:15

Thanks, I understand it now :) – Tradesman 10/7, 2020 at 17:15

Pleasure is mine. Hope I was useful :) – Distefano 10/7, 2020 at 17:19

More than useful, it worked perfectly! Thanks again – Tradesman 10/7, 2020 at 17:52

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags