Storing the API key

39rc · October 27, 2025, 4:32pm

Hi,

In the docs the api key is stored as a string in the javascript files.

Is this the official way to do it? I’m concerned that a user may read the js bundle and take the API key.

Thanks

Jamie_Lemon · October 28, 2025, 2:46pm

The API key is locked to the domain that you register for.

So, for example if you register a key for 39rc.com then the key only works on 39rc.com. It can’t be used anywhere else.

In theory, yes I think a user could extract the license key from the JS bundle, but they can’t do anything with it unless they have deployment access to your web domain. In this way the key is kind of safe to expose.

Topic		Replies	Views
Why is copying library assets to public folder necessary? WebViewer	1	11	October 28, 2025
Discover MuPDF WebViewer! WebViewer	0	20	September 23, 2025
Error in annotation api WebViewer	7	39	September 25, 2025
Our first Japan webinar! PyMuPDF webinar , japan	0	22	September 13, 2025
Adding `removeEventListener` WebViewer	1	16	November 7, 2025

Storing the API key

Related topics