I wish to create an API server that will provide json data to be consumed by my ember app. However, there may be other third-party clients too so I want to do something like issue them a ‘client-id’ / ‘API-key’ combo so that I can rate-limit them etc.
However, since my own website will also be making calls to this api server, my API-key will have to be on the client side, which presumably other can inspect and use.
What is the design pattern to allow third-party apps to register with me and require a client id/API -key, without exposing it on the client side.
Or am I missing something here?