logoAnt Design X

DesignDevelopmentComponentsPlayground
  • Ant Design X of React
  • Changelog
    v1.6.0
  • Model Integration
    • OpenAI
    • Qwen
    • Others
  • Agent Integration
    • Tbox
      Updated
  • Basic Usage
    • Usage with create-react-app
    • Usage with Vite
    • Usage with Next.js
    • Usage with Umi
    • Usage with Rsbuild
  • Other
    • Contributing
    • dangerouslyApiKey Explanation
    • FAQ

dangerouslyApiKey Explanation

Resources

Ant Design
Ant Design Charts
Ant Design Pro
Pro Components
Ant Design Mobile
Ant Design Mini
Ant Design Web3
Ant Design Landing-Landing Templates
Scaffolds-Scaffold Market
Umi-React Application Framework
dumi-Component doc generator
qiankun-Micro-Frontends Framework
Ant Motion-Motion Solution
China Mirror 🇨🇳

Community

Awesome Ant Design
Medium
Twitter
yuque logoAnt Design in YuQue
Ant Design in Zhihu
Experience Cloud Blog
seeconf logoSEE Conf-Experience Tech Conference

Help

GitHub
Change Log
FAQ
Bug Report
Issues
Discussions
StackOverflow
SegmentFault

Ant XTech logoMore Products

yuque logoYuQue-Document Collaboration Platform
AntV logoAntV-Data Visualization
Egg logoEgg-Enterprise Node.js Framework
Kitchen logoKitchen-Sketch Toolkit
Galacean logoGalacean-Interactive Graphics Solution
xtech logoAnt Financial Experience Tech
Theme Editor
Made with ❤ by
Ant Group and Ant Design Community

:::warning Please read this carefully, as it is important!!! We provide the dangerouslyApiKey option in useXAgent and XRequest. Here is a detailed explanation of its risks. :::

Why is it dangerous?

Enabling the dangerouslyApiKey option can be risky because it exposes your secret API credentials in the client-side code. Web browsers are inherently less secure than server environments, and any user with access to the browser may inspect, extract, and misuse these credentials. This could lead to unauthorized access using your credentials and potentially jeopardize sensitive data or functionality.

When is it not dangerous?

  • Internal tools: If the application is used only in a trusted, controlled internal environment, the risk of credential exposure is mitigated.
  • Limited-scope public APIs: If your API has a very limited scope, and the exposed credentials do not grant access to sensitive data or critical operations, the potential impact of exposure is reduced.
  • Development or debugging purposes: If the credentials are temporary, not used in a production environment, or are frequently rotated, temporarily enabling this feature may be acceptable.

References

  • Why is this dangerous?