I've api secrets which i'd rather not show in public places but nonetheless i wish to assign these as global javascript variable in order to access these in scripts. The api key are saved in database and available via php.

Suppose i've the php variable $key which i wish to assign to some global javascipt variable. Not things i do is incorporated in the mind tag make use of this type of code.

window.key = <?php echo $key; ?>;

But this way the api secrets are available within the mind tag. I believe you get the drift. Thanks!

FYI: I'm employed in wordpress. So, if there's any wordpress specific solution you're most welcome!

It isn't possible, since JavaScript is client-side and for that reason always public.

attempt to request the important thing via ajax.

however it it's still visible at runtime. an individual using firebug could look into the answer from the request and may also display the variable via console.sign in the firebug-console.

a javascript variable is definitely visible for that client.

All javascripts are visible. You do not inform us the reason why you need api key, and so i propose following solutions:

  1. You are able to set a brief api key for that client

  2. If your client really wants to download personal files via api key you should use proxy, designed in php, then when client download page http://yoursite/proxy/ its hiddenly download http://somesite/api/api-key/ and coming back for client