I am writing code in Javascript. How do I add the mailchimp libary (yarn or npm) to the project?
Not sure this is what you really want to do.
It works by sending the information to mailchimp, which then sends the email on your behalf.
The problem is that your use of the API depends on having an API key. You’ll want to keep that hidden so some spammer can’t get it and send a ton of emails on your account.
However, it needs to be in your app. Someone using the browser debug tools can then scrape it.
It looks like this is better used on a server, where users can’t get at the API key.
if we deploy it only to Volt server and run from there. Would the issues still be the same for security. The student wants to be able to send iphone emails from their appstudio app. Perhaps there is a different way to do that?
Thanks -
Yes, the issue is the same. Once a user opens the page from VoltServer, it’s running in the local browser. Pop open the Chrome Debugger and find the API key.
Does this mean all businesses who use this chimp api have this issue? Is there a way to get around this? Thanks -
They probably call mailchimp from the server using a call to a PHP file or similar.
You could put the API in a file in the app and then fetch the information from that file with a “fetch” just in the relevant function that sends the email. Normally that would make only the name of the file containing the API visible and (normally) an attempt by someone else to “fetch” that file would be blocked by CORS (I think)
However, the PWA code AppStudio inserts to create the PWA automatically caches all the files you name in the program. You could, I suppose, modify the pwa.js file that AppStudio creates. That file contains a line like
const contentToCache = [
'512.png',
'code.js',
'Emailer.js',
'Fetches.js',
'index.html',
'nsb/images/192.png',
'nsb/images/512.png',
'nsb/images/72.png',
'nsb/images/ajax-loader.gif',
'nsb/library/addtohomescreen.css',
'nsb/library/addtohomescreen.min.js',
'nsb/library/appstudioFunctions.js',
'nsb/library/iscroll.js',
'nsb/library/jquery.modal.min.css',
'nsb/library/jquery.modal.min.js',
'nsb/library/jquery3.js',
'toolbox/as/dist/asStyle.css',
'toolbox/bs4/dist/bsFunctions.min.js',
'toolbox/bs4/dist/css/bootstrap.min.css',
'toolbox/bs4/dist/js/bootstrap.bundle.min.js',
'toolbox/bs4/dist/open-iconic/css/open-iconic-bootstrap.min.css',
'toolbox/bs4/dist/open-iconic/fonts/open-iconic.woff',
];
And you could comment out the file that contains the API. My guess is that would work even on Voltserver.
But no promises—I haven’t tried it.
Good luck.
Tip : If you’re pasting code, html or config files, surround the code with triple back ticks (```), before the first line and after the last one. It will be formatted properly. (We fixed it for you this time)