I am using IBM's SoftLayer Object Storage which is similar to Amazon's S3.
From my web app, I allow users to upload files. Currently the web app communicates with my RESTful API which then communicates with the SoftLayer Object Storage API. Communication with SoftLayer requires a username and a key -- these are meant to be secret.
Because upload files can be large, I want to to bypass my API and communicate with SoftLayer directly from my web app. I believe this is possible, but the problem is that then I will expose my username and secret key via my application's publicly visible source in JavaScript.
Is there any way around this with SoftLayer?
It seems something like this is possible with S3:
You can generate a token which is valid for 24 hours and it eliminates the need of using the credentials on every call.
You can use this "token" to Get/Create/Delete containers, files through REST APIs.
See "Authenticating to the Object Storage" section in the following link:
Managing SoftLayer Object Storage Through REST APIs
Also, you will find in this link, more information about using SoftLayer Object Storage through REST APIs.