score:1

you could write an express server to make the api calls with the key and serve the same response. using the express server as an intermediary this way, you will never have to expose the api key on the client side.

edit: didn't read that you already thought about it

in that case, you can use webpack-dev-middleware (https://github.com/webpack/webpack-dev-middleware) and use just one express server to serve the api and static files.

your code might look like this:

var path = require('path');
var express = require('express');
var webpack = require('webpack');
var config = require('./webpack.config.dev');
// require keys

var app = express();
var compiler = webpack(config);

app.use(require('webpack-dev-middleware')(compiler, {
  noinfo: true,
  publicpath: config.output.publicpath
}));

app.use(require('webpack-hot-middleware')(compiler));

app.get('/api', function(req, res) {
    // api logic
)}

app.get(/^(?!\/api).*$/, function(req, res) {
  res.sendfile(path.join(__dirname, 'index.html'));
});

app.listen(3000, function(err) {
  if (err) {
    console.log(err);
    return;
  }
  console.log('listening at http://localhost:3000');
});

Related Query

More Query from same tag