Hey everyone,
I’ve been working on a cool project for my website. I want to display my Spotify and gaming activity in real time using Discord’s gateway. Everything functions well, but I’m concerned about safeguarding my bot token so that it doesn’t fall into the wrong hands.
My site is hosted on Netlify, and I’ve attempted to fetch the token from environment variables using functions. Unfortunately, the token still shows up in the network tab.
I explored options like encrypting the payload or modifying the request within functions, but I’m not convinced that it’s a viable solution.
Even though the bot only has access to presence updates and can post in one channel, I want an extra layer of security. I also thought about using OAuth2, but that might lead to extra clicks for the user just to access some basic status details.
Any suggestions on how to secure the token better, or is this approach simply flawed?
Hey mate, have you considered using a proxy server? It could act as a middleman between your website and the Discord API. That way, your bot token stays on the server side and never touches the client. It might be a bit more work to set up, but it could solve your security worries without complicating things for users.
I’d recommend setting up a backend server to handle the Discord API interactions. This approach keeps your bot token secure on the server side, away from client-side exposure. You could use a lightweight server like Express.js or Flask, depending on your preferred language. The server would manage the Discord connection and token, then expose a simple API endpoint for your frontend to fetch the status data. This method adds a layer of separation between your sensitive credentials and the public-facing website, significantly enhancing security without impacting user experience.
As someone who’s faced similar challenges, I’d suggest looking into serverless functions like AWS Lambda or Cloudflare Workers. They’re perfect for this kind of task and can securely handle your Discord bot interactions without exposing sensitive info.
I implemented this for a project recently. The function acts as a secure intermediary, managing the Discord connection and token. Your frontend then just needs to call this function to get the status data.
It’s relatively easy to set up and integrate with your existing Netlify setup. Plus, it scales well and keeps costs low for small to medium traffic. This approach gave me peace of mind about token security while maintaining a smooth user experience.
Just remember to properly configure your function’s permissions and environment variables to keep everything locked down tight.
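Both the "backend server" reply and the "serverless function" reply describe the same pattern, so here is one worked example of it, written for this thread and not taken from the original post or any of the replies. It is a Netlify-style function handler in JavaScript that shows the leaky shape the question describes (the function hands `process.env` secrets to the page, so they appear in the Network tab) next to the proxy shape the replies recommend (the token goes into the `Authorization` header of the upstream request and only an allow-listed status document goes back to the browser). The environment variable names, the upstream URL, and the shape of the upstream JSON are assumptions for the demo; `fetchImpl` is injectable so the whole thing runs offline against a constructed stub. One caveat the replies skip: presence updates only arrive over the gateway WebSocket, which a short-lived function cannot hold open, so in a real deployment the "upstream" is either a Discord REST endpoint or a small cache filled by a persistent gateway client. The token-handling rules are the same either way.

```javascript
// Added example for this thread (not the original poster's or any reply's code).
// Assumed: env vars DISCORD_BOT_TOKEN, GUILD_ID, USER_ID; the upstream URL and
// JSON shape; `fetchImpl` is injectable so the demo runs offline with a stub.

const DISCORD_API = "https://discord.com/api/v10";

// The leaky shape from the question: read the token from env inside a function
// and send it to the page. The browser now has the token and so does anyone
// who opens DevTools or curls the endpoint.
function leakyHandler(env) {
  return {
    statusCode: 200,
    body: JSON.stringify({ token: env.DISCORD_BOT_TOKEN }),
  };
}

// Allow-list the fields the page needs. Everything else in the upstream
// payload (IDs, session/sync identifiers, error text) stays on the server.
function pickPublicFields(upstream) {
  const activities = Array.isArray(upstream.activities) ? upstream.activities : [];
  return {
    username: upstream.user?.username ?? null,
    status: upstream.status ?? "offline",
    activities: activities.map((a) => ({
      name: a.name,
      type: a.type,
      details: a.details ?? null,
    })),
  };
}

function json(statusCode, body, extraHeaders = {}) {
  return {
    statusCode,
    headers: { "Content-Type": "application/json", ...extraHeaders },
    body: JSON.stringify(body),
  };
}

// The proxy shape: the token is attached to the outgoing request and never
// to the response. The URL is an assumed placeholder for whatever serves the
// status data (a Discord REST endpoint or your own gateway-fed cache).
async function statusHandler(env, fetchImpl = globalThis.fetch) {
  const token = env.DISCORD_BOT_TOKEN;
  if (!token) {
    // Misconfiguration is a server problem; report it without detail.
    return json(500, { error: "status backend not configured" });
  }
  const url = `${DISCORD_API}/guilds/${env.GUILD_ID}/members/${env.USER_ID}`;
  const res = await fetchImpl(url, {
    headers: { Authorization: `Bot ${token}`, Accept: "application/json" },
  });
  if (!res.ok) {
    // Do not echo the upstream body: error messages from the API can carry
    // request details you do not want on a public endpoint.
    return json(502, { error: "upstream unavailable" });
  }
  const upstream = await res.json();
  return json(200, pickPublicFields(upstream), { "Cache-Control": "public, max-age=15" });
}

// Constructed stand-in for fetch: records the outgoing request and returns a
// canned Discord-shaped reply. Only for offline demonstration.
function makeFakeFetch(reply, recorder) {
  return async (url, init) => {
    recorder.url = url;
    recorder.headers = init.headers;
    return {
      ok: reply.status >= 200 && reply.status < 300,
      status: reply.status,
      json: async () => reply.body,
    };
  };
}

// Constructed sample inputs (fake token, fake upstream payload).
const SAMPLE_ENV = { DISCORD_BOT_TOKEN: "MTIz.fake.token", GUILD_ID: "1", USER_ID: "2" };
const SAMPLE_UPSTREAM = {
  user: { id: "2", username: "jane" },
  status: "online",
  activities: [{ name: "Spotify", type: 2, details: "Some Song", sync_id: "internal-only" }],
};
```

On Netlify the exported handler would just be `event => statusHandler(process.env)`; the browser calls that function's URL and never sees anything but the allow-listed document. The two checks worth keeping in mind when you adapt this are in the tests below: the token must appear only in the upstream `Authorization` header, and nothing from an upstream error body should reach the client.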