getApiKey()
This is a simple (and insecure) obfuscation technique: XOR encoding scrambles text using a shared secret number, and applying XOR again with the same key perfectly reverses it. It's a fun demonstration of bitwise operators but should never be used to protect real secrets in client-side code, since anyone can view the source and decode it themselves.
function getApiKey() {
return atob(encoded).split('').map(c => String.fromCharCode(c.charCodeAt(0) ^ key)).join('');
}
Line-by-line explanation (4 lines)
🔧 Subcomponents:
atob(encoded).split('').map(c => String.fromCharCode(c.charCodeAt(0) ^ key)).join('')
Base64-decodes the encoded string, then XORs each character's char code with a fixed key to reverse the scrambling and reveal the real API key
atob(encoded)- Decodes the base64 string 'encoded' back into a raw scrambled string of characters
.split('')- Turns the string into an array of individual characters so they can be transformed one by one
.map(c => String.fromCharCode(c.charCodeAt(0) ^ key))- For each character, gets its numeric character code, XORs it with the secret 'key' number, and converts the result back into a character - this reverses the original XOR scrambling
.join('')- Glues the array of decoded characters back into a single string, producing the real API key