Webflow sync, pageviews & more.
NEW

When using Webflow, how can you securely store and protect public and private API keys when making API calls with third-party services?

TL;DR
  • Never expose private API keys in Webflow’s frontend; use serverless backend functions (e.g., Cloudflare Workers, Netlify Functions) to handle requests securely.
  • Use Webflow's native integrations or Logic with stored secrets when available.
  • Store API keys as environment variables in hosting platforms, and only use public keys in frontend with appropriate domain or IP restrictions.

To securely work with public and private API keys in Webflow, use best practices to avoid exposing private credentials, especially since Webflow is frontend-based and code is exposed in the browser.

1. Use a Backend Proxy for Private API Keys

  • Never expose private API keys in Webflow’s front-end (Custom Code or Embed blocks) since everything loaded in the browser is publicly viewable.
  • Instead, set up a backend service (using platforms like Cloudflare Workers, Netlify Functions, Vercel Serverless Functions, or Firebase Cloud Functions).
  • Your Webflow site should make a secure fetch request to your backend function, which then uses the private API key to call the third-party service.
  • This ensures that only your server knows the private key, keeping it secure.

2. Use Webflow’s Native Integrations When Possible

  • When Webflow offers a native integration with a third-party service (like Mailchimp or Zapier), use it.
  • These native integrations manage key storage securely behind the scenes, so you don’t need to store or expose them manually.

3. Use Webflow Logic (if available on your plan)

  • Webflow Logic, when working with authenticated APIs, can store API keys as secrets within the Logic panel.
  • These secrets are not exposed on the front end and can be securely used in workflows.
  • Ideal for forms, CMS triggers, or webhook-based automations.

4. Store API Keys Securely in a Hosting Platform

  • If you host backend logic (e.g., on Vercel, Netlify, or AWS), use their environment variable system to store API keys.
  • Never hardcode the keys in your scripts or code blocks.

5. Expose Only Public Keys in the Front-End (If Necessary)

  • Some services offer public API keys meant for use in the browser (e.g., Stripe publishable key, Google Maps API with referrer restriction).
  • If you need to use a key in an embed or Javascript block in Webflow, make sure it’s explicitly intended to be public by the service provider.

6. Protect API Access with Rate Limiting or Domain Restrictions

  • Use SDK or third-party dashboard to restrict your API key to certain domains, IP ranges, or with rate limits to protect against abuse.
  • Examples: Set referrer restrictions in Google Cloud Console or use domain whitelists in third-party services.

Summary

To protect API keys in Webflow, never expose private keys on the front end. Use serverless backend functions or Webflow Logic with secrets to handle private keys securely, and restrict public keys with domain or IP limitations when used on the front end.

Webflow Resources
Webflow templates
Webflow inspiration
Rate this answer

Other Webflow Questions

Explore Logic tutorials
How can I verify my student status with Webflow to use my student discount code?
What is the best way to create an auto-playing video loop on a web page using Webflow, without using third-party tools or integrations like YouTube?
How can I remove the scroll bar from the Calendly booking tool in Webflow?
How can I implement a multi-select field with a pre-selected option in a popup form on a collection page using Webflow?
What happens to a site on Webflow if I purchase a Site Plan for a specific number of months, publish it to a custom domain, and then let the plan expire? Will the site still exist on Webflow even if I can't edit it and it remains locked in my dashboard?
How can I modify the colors and design of the navbar on mobile in Webflow?
Is there a way to add a video to my Costa Rica Glamping webpage in Webflow without slowing down the page or sacrificing video quality?
Is there a way to redirect old URLs to new URLs in Webflow through the use of an .htaccess file?
How can I make my grid layout in Webflow more responsive, specifically on mobile devices, without affecting the design of the entire site?
Is it possible to create a dynamic list in Webflow and use it to link to Google Maps, similar to the hyperlink in the provided image?
How can I align the bulleted content to the bottom and the image to the top in Webflow?
How can I create two dropdown selectors in Webflow for a form, one for 'Location' and one for a hidden email response dropdown for Zapier and CRM integration?
Can the aria-haspopup attribute be removed in the responsive menu component in Webflow? My client's hired Accessibility Audit company is requesting its removal, but it seems hardcoded. Is there a way to remove these attributes?
How can I create an initial scroll to activate an anchor point to a second section of a page in Webflow?
Can components be duplicated in Webflow to customize them without losing the original?
Can Webflow be used to call a CSS or JS file stored on a different server, instead of hosting them on GitHub?
How can I dynamically redirect to a CMS created after form submission in Webflow?
In Webflow, how can I hide specific elements in the footer (such as "Ramin Khaze The Difference" and "Schedule showing") when the URL contains a certain parameter, such as "?mls"? I am a beginner in coding and would appreciate any help. Thank you!
How can I prevent the "w-current" class in Webflow from overriding the height of my custom class on a link block element?
Can anyone help me add a digital clock and date to my Webflow site? I've been able to add custom code, but I need assistance with styling the text. Thank you in advance for your help!
Can I capture a screenshot of a Webflow page on click and convert it to a downloadable PDF?
How do I mirror user input from a form field to a non-form text field on the same Webflow page in real-time using JavaScript?
How can I close a dropdown in Webflow when clicking on a link?
Is there a more optimal way to create a portfolio section with a sticky image container that changes as you scroll, similar to the design on Deveb's website, that works across different web browsers, especially Safari, using Webflow or any other JavaScript tools?
How can I implement a multi-select field with a pre-selected option in a popup form on a collection page using Webflow?
How can I alternate the layout of the image and heading for each collection item in a two-column format on Webflow?
How can I execute JavaScript code when clicking a specific button with a given ID in a Webflow project?
How can I disable the Webflow success or failure state for a sign-up form and display a custom thank you page using jQuery and the Webflow form submit state?
How can I create a vertical scrolling menu with Webflow, similar to the one on Apple's website, that switches to horizontal scrolling when the menu doesn't fit on one screen?
How can I change the language of the Google Maps embed from English to Arabic in Webflow?