API access security for DApps

I have been thinking about this problem for a while. I was surprised the first time I looked into the front end of a dapp and found the API key in the code. This is obviously a problem, but the solution is fundamentally rooted in the way that web2 works.

I think the end solution is to have users assigned their own permissions to access APIs. Users could receive credit allocations based on the services they use, and how frequently they use them.

Similar to the ABI issue are Merkle Trees. ENS could support it, and a subgraph or other decentralized network could serve access to the Merkle Tree to do proofs.

I have not looked into all of this in detail yet. I look forward to hearing any thoughts on this. There are currently some very large holes in the Web3 stack (including the API key problem), and maybe ENS can be used to fill some of these holes in.

2 Likes

What if API keys could be issued as a standardized token and stored in the wallet?

1 Like