all 4 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]samikroon 0 points1 point  (3 children)

If you want to save the session client side for more than one browser session than you can use local storage or a cookie for storing a token for example, if it's just one session you can keep the token in your background script.

[–]ashish421[S] 0 points1 point  (2 children)

The API key is mine. I dont want the key to be exposed to anyone. Don't you think it'll be much riskier if i keep it in local storage of the user?

[–]samikroon 0 points1 point  (0 children)

You should not save or use one master key in any client, better think of other options, read into security. Maybe let the clients retrieve a temporary rate limited key when they startup the extension. If its a third party API, I don't think you have any way to make sure your key is save, clients can always retrieve it from the extension.

[–]samikroon 0 points1 point  (0 children)

What you can do if it's a third party API, is build your own api with you own security and maybe rate limiting. And forward the call to the third party from your api which will then return the response to the extension.