question

ShahrukhMateen-1499 avatar image
1 Vote"
ShahrukhMateen-1499 asked ramr-msft edited

How to hide subscriptionKey and speechRegion for JavaScript integration with Microsoft Azure Speech services

Is there an efficient way to hide the the subscriptionKey and speechRegion attributes for a JavaScript based integration with Azure Speech to Text services.

I am using Java/Spring based framework for my web application at server end, and AngularJS for the client-side.

I would also like to know what is the industry standard for such an integration. I am looking for a JavaScript based integration as it would speed up the asynchronous speech recognition in place of an additional REST API call to the server if I go for a Java-based integration. Also, Java-based integration requires Java 8 and up and I need to stick with Java 7 for my application.

Azure documentation: JavaScript Quickstart

P.S: By hiding the attributes, I mean the key values are not visible if someone tries to inspect the JS file in the browser.




azure-cognitive-servicesazure-speech
· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ShahrukhMateen-1499 Thanks for the question. Please follow the below guidance to create an environment variables.
https://docs.microsoft.com/en-us/azure/cognitive-services/cognitive-services-apis-create-account?tabs=multiservice%2Cwindows#configure-an-environment-variable-for-authentication and
JavaScript: Added Speaker Recognition support for browser.


0 Votes 0 ·

Hello, Thanks for your response.
I could not understand how setting environment variables would help in hiding the subscriptionKey and speechRegion on the client's browser.

0 Votes 0 ·
ramr-msft avatar image ramr-msft ShahrukhMateen-1499 ·

@ShahrukhMateen-1499 Thanks for the details. doing this in Javascript is not a good idea, because Javascript doesn't provide a good method to protect your secret, and doesn't allow you to easily set the http headers. Our recommendation is to obtain the access token on your server via SSL (using C#, PHP, or other server scripting language) and only transmit the access token embedded in the Javascript to the client. The client then uses the access token in its calls.

Please follow this quick start to Recognize speech in JavaScript on a Web Browser.
https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/quickstart/javascript/browser

Please follow the front end java script samples for cognitive services.
https://github.com/Azure/azure-sdk-for-js/tree/master/sdk/cognitiveservices

1 Vote 1 ·
Show more comments

1 Answer

DestinJoy-0985 avatar image
2 Votes"
DestinJoy-0985 answered TomLynch-6579 commented
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello, Thanks for your response.

The proposed approach requires an additional REST call to the server side.
Is there not an accepted/recommended approach to achieve this?
How do the subscribing applications ensure that their keys are hidden in case JavaScript-based API integrations?

If there is no way to hide/protect the subscriptionKey and speechRegion
then why are JavaScript-based API integrations recommended in the first-place?




1 Vote 1 ·