Yes, take a look at our EO Browser, for example.

With public web-applications, there is always a risk that someone will hijack the API credentials (e.g., OGC instance ID or process API OAuth client ID/secret) and misuse them for their own purposes. We have worked around this by integrating Google reCAPTCHA technology. Our Enterprise-level users can use this as well:

  • Register your own reCAPTCHA keys here: reCAPTCHA v3.
  • You will receive a reCAPTCHA token and secret.
  • Put this token into your application (as an example, see line 29 in SentinelPlayground/tokenAssisted.html).
  • Write to us requesting a client_id, and send your recaptcha secret with it. The secret is required, so that the backend can verify the captcha.
  • After a token will be generated for you, set it in your application (as an example, see line 25 in Sentinel Playground).

Note, that as with any other security measure, things can be broken. However, we have found this option to be quite secure. You can, of course, implement another method of hiding credentials on your side.