national-gold•17mo ago
Is there any way to hide the code snippet ?
Hello, i was wondering if there was a way to hide the code snippet that i would give to the client for him to integrate on his website. I would not want the project ID and everything accessible to everyone just by looking at the source code...
7 Replies
Unfortunately, it's not possible to completely hide the code snippet, including the project ID, from the client if they are integrating it on their website. The project ID, runtime URL, and version ID are necessary for the Voiceflow chat widget to function correctly. These details are included in the
chat.load() function in the JavaScript code snippet provided by Voiceflow.
However, it's important to note that the project ID itself doesn't grant access to your Voiceflow project or its data. It's simply a unique identifier used to load the correct Voiceflow project in the chat widget. The project ID doesn't provide any additional permissions or access to your Voiceflow project.
If you have concerns about security or privacy, I recommend discussing these with your client and establishing clear guidelines for handling and storing the code snippet. It's also a good practice to regularly review and update your security measures to ensure they meet your project's needs.vicious-gold•17mo ago
You can't
hide code entirely, but there are situation where you want to make it difficult for someone else to read it. This is called code obfuscation
There's basically a lot of algorithms out there to do this, and it makes it a lot harder for someone to read the code
A quick google search led me to this for javascript: https://obfuscator.io/#code
Not sure if it outputs correct code (i assume it does given its the first result on google) and ill include screenshots of what it becomesvicious-gold•17mo ago
vicious-gold•17mo ago
That's code obfuscation, might be what you're looking for here!
In the end though, it really doesnt matter. Thats the thing about frontend code.. Its running from the user's browser.. There is always a way to see it (i.e from the network tab if you right click -> inspect when it tries to send the HTTP request)
this is why you dont need the API token itself in the code snippet for the chat widget, only the project ID. The API key is used in backend code for hitting the API endpoints that can cause actual damage (i.e delete knowledge base API request)
national-goldOP•17mo ago
i see, thank you for your response. I guess i will not try to hide it... after thought, i believe that if there was a real problem, i would have heard about it ! Once again, thank you so much Mike !
vicious-gold•17mo ago
No problem! 🙂
other-emerald•17mo ago
Very interesting thanks for sharing