Secure Concurrent API requests with JavaScript and Flask

Shanks Source

I have a FLASK app that makes a series (about a dozen) of API requests on user input. Right now I do those through an AJAX setup with FLASK and JS where the JS makes a POST request to a FLASK URL and a Python function using requests makes the API call and sends the JSON back to JS.

User input -> JavaScript/AJAX POST -> FLASK/GUNICORN -> PYTHON API request and JSON response -> JavaScript/AJAX to page

The problem with this setup is concurrency. The JS requests are concurrent and the Python requests are not. It's a dozen API calls, so it's significant time wastage. I would just move the API requests to JS, which would then be concurrent, but then I would reveal my API key in the on-page JS. I could build the whole FLASK/PYTHON API requests with AIOHTTP, but that seems excessive. Anyone have a clever solution for how to keep it simple and just make the API requests in JS, or do it concurrently in FLASK/PYTHON, but keep the API key hidden/do it securely? Maybe there is an easy solution I'm missing, I'm new at this. Maybe a trick with routing through a POST request that's still handled by FLASK? I'm sure there is something there, I just can't figure it out.
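One way to get the concurrency asked about above while the key stays on the server, shown as an added example that is not part of the original post: the browser makes a single POST naming the endpoints it wants, and the Flask side fans the calls out on a thread pool. The `UPSTREAMS` names and URLs, the `UPSTREAM_API_KEY` variable, and `fake_fetch` (a stand-in for the real `requests` call so the block runs offline) are assumptions.

```python
import os
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed allowlist: the browser sends only these names, never URLs,
# so the Flask route cannot be steered toward arbitrary hosts.
UPSTREAMS = {
    "weather": "https://api.example.invalid/weather",
    "prices": "https://api.example.invalid/prices",
    "news": "https://api.example.invalid/news",
}

# The key lives only in the server process environment (assumed variable name).
API_KEY = os.environ.get("UPSTREAM_API_KEY", "constructed-demo-key")


def fake_fetch(url, api_key, query):
    """Stand-in for requests.get(url, headers=..., params=..., timeout=...).json()."""
    time.sleep(0.2)  # simulated network latency
    return {"url": url, "query": query, "authenticated": bool(api_key)}


def fan_out(names, query, fetch=fake_fetch, max_workers=12):
    """Run one upstream call per allowlisted name in parallel threads."""
    unknown = [n for n in names if n not in UPSTREAMS]
    if unknown:
        raise ValueError(f"endpoint not allowlisted: {unknown}")
    results = {}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {n: pool.submit(fetch, UPSTREAMS[n], API_KEY, query) for n in names}
        for name, fut in futures.items():
            try:
                results[name] = {"ok": True, "data": fut.result(timeout=10)}
            except Exception:
                # Generic error only: exception text can include the request
                # URL or headers, which may carry the key.
                results[name] = {"ok": False, "error": "upstream request failed"}
    return results  # a Flask view would return jsonify(results)


def timed_fan_out(names, query):
    """Return (results, elapsed seconds) to show the calls overlap."""
    start = time.monotonic()
    out = fan_out(names, query)
    return out, time.monotonic() - start


if __name__ == "__main__":
    print(timed_fan_out(list(UPSTREAMS), "london"))
```

Because the threads spend their time waiting on network I/O, the total latency is close to that of the slowest single call rather than the sum of all of them.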



