Access via the frontend

[Kayanski]

Hey everyone,

is it possible to access the setten service via our website directly ? I understand we need to indicate the project id and the key in the request. Can't random people just use our project id and key to send requests on our behalf (thus increasing artificially our usage) ?
Thanks everyone and good luck with this difficult period

[etienne-napoleone]

Hello @Kayanski !

It is possible to use it this way, yes, but we don't recommend it.
As you said, anyone would be able to take your endpoint URL + token and exhaust your quota.

In a perfect scenario you'd not need to expose it on your front-end tho, here are two ways we recommend architecting DAPPs depending on what you are looking to achieve:

1. The "true" dapp
   [+] decentralized, close to no infra on your side
   [-] slow, lesser UX
   This is done by having a frontend with no API or backend, relying only on the user's wallet LCD/RPC provider.
   Meaning the user has the sole responsibility for the data source by setting up his wallet accordingly.
   This architecture is seen a lot on Ethereum dapps for example.

2. The "fancy" dapp
   [+] better UX, better speed
   [-] need to index data on a dedicated backend
   If your goal is to have a quick and nice UX with historical data, graphs, etc. it is better to index the data you need on your backend (using Setten as a source, for example) and serve it to your frontend through your backend API.

I think you are trying to implement a 3rd solution, where data is directly queried from the frontend to a hard-coded lcd of your choice, which makes you stuck with two bad options: you either hardcode the public lcd, but then your app will not be reliable, or a private one but open it to be DDoSed.

Good luck with your project!

---

Edit: with terra station extension, the webapp has access to the LCD provider from start without needing to connect wallet. Removed having to connect wallet to see data from the "true" dapp minuses.

[Kayanski]

Okay thanks for the comprehensive answer. You got my thinking right, i want this third option (no need for wallet connection to query the chain + as decentralized as possible). I'll open the frontend to DDosing, we'll see how it goes :)

[etienne-napoleone]

I've seen really big cross-chain bridges use this approach with their webapp, might work even if we advise against it :)
If you need a more custom plan feel free to dm us on twitter or via our telegram room

[Kayanski]

Yes of course it's dangerous ! Thanks again for all your help :)