[Vuejs]-Encrypting API request payloads and response

1👍

Does it exist a good/better way to encrypt the payloads between vueJs and a API server?

No, that’s impossible.

Encryption relies on having a secret key that is used to encrypt and decrypt the payload. Any application running in the browser (JavaScript, WASM, or otherwise) delivers its source code to the browser so it can execute, which means your attackers have access to it.

If your JavaScript code generates a key in memory, that memory can be read by the browser user at any time.

Even if you rely on obfuscation, that’s not good enough. You can try to be as clever as you want, someone is going to reverse engineer the jumbled up code you publish.

Don’t ever trust data provided by the client. Always authenticate and authorize your API calls.

0👍

I would argue that this approach is very close to the infamous security through obscurity approach and in general not worth the effort. You client code is obviously is available to clients and this will not prevent malicious user from figuring this trick out and replicating it. I think it is much better to spend time on security testing and implementing techniques to prevent at least most common vulnerabilities (for example).

Leave a comment