Safe to send the requests, yes. Safe to sign them, no.

In pure JavaScript OAuth 1.0A implementations, your consumer secret will
have to appear somewhere in your JavaScript code to sign the requests. The
visibility of your secret compromises your API keys and requests, putting
your application and users' reputations & security at risk. There's always a
risk of secret discovery in desktop or pure client applications, but it's
riskiest when the secret is in plain sight.

Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod


On Sun, Apr 11, 2010 at 12:09 AM, Karolis <[email protected]> wrote:

> Hello lively community,
>
> I am in the process of building a web app based on Twitter data.
> Currently all my app is based on JavaScript and everything happens
> client side.
> However, due to API rate limitations and because some of the Twitter
> requests have to be authenticated (users/lookup), I have to use OAuth
> authentication.
> Now my question is: is it safe to send API requests authenticated by OAuth
> via Ajax calls which are happening on the client side?
>
> Thanks in advance
> karolis

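The point made in the reply, as an added example that is not part of the original thread and not Twitter's code: OAuth 1.0a HMAC-SHA1 signing done in a Node.js backend, so the signing key (consumer secret plus token secret) stays on the server and only the resulting header or the proxied response ever leaves it. The function names, the `api.example.test` URL and all credential values are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding as OAuth 1.0a requires; encodeURIComponent leaves !*'() unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!*'()]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
function signatureBaseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// Runs on the server only. The HMAC key is "consumerSecret&tokenSecret", which is
// why any code that signs must hold the consumer secret.
function signRequest(method, url, queryParams, creds, nonce, timestamp) {
  const oauth = {
    oauth_consumer_key: creds.consumerKey,
    oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp),
    oauth_token: creds.token,
    oauth_version: '1.0',
  };
  const base = signatureBaseString(method, url, { ...queryParams, ...oauth });
  const key = `${enc(creds.consumerSecret)}&${enc(creds.tokenSecret)}`;
  oauth.oauth_signature = crypto.createHmac('sha1', key).update(base).digest('base64');
  // The header carries the public consumer key and the signature, never the secrets.
  return 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${enc(k)}="${enc(oauth[k])}"`).join(', ');
}

// Constructed placeholder credentials; a real backend would load them from its own
// configuration (for example environment variables), never from code sent to browsers.
const demoCreds = {
  consumerKey: 'CONSTRUCTED_CONSUMER_KEY', consumerSecret: 'CONSTRUCTED_CONSUMER_SECRET',
  token: 'CONSTRUCTED_USER_TOKEN', tokenSecret: 'CONSTRUCTED_TOKEN_SECRET',
};
const demoHeader = signRequest('GET', 'https://api.example.test/1/users/lookup.json',
  { screen_name: 'episod' }, demoCreds,
  crypto.randomBytes(16).toString('hex'), Math.floor(Date.now() / 1000));
console.log(demoHeader);
```

The browser page would call an endpoint on this backend, which signs and forwards the request and returns only the API response.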