I am working on a very simple Chatbot solution by creating a knowledge base using Azure QnA maker. Once the Knowledge Base is published, we get endpoint with Authorization key. This endpoint is then integrated directly with a Client Angular app chat. There is no Azure Bot needed for our requirement.
I am now trying to figure out how to hide the Authorization Key that we pass in HTTP POST 'Authorization' header. Is there a way that we don't pass this authorization header from web application and pass that authorization key directly to App Service associated with QnA Maker via Azure Key Vault?
The only way is to add some API that your client will communicate with, then use this API to fetch secret from Key Vault and call QnA Maker API.
In order words: use server side communication where the QnA Maker endpoint and API key won't be exposed