So I’m putting together a plan as to how an NFT website that I would like to create would function. I’m stuck at point 5. It goes like this:
1 - Website listing all tokens. The user chooses the token
2 - The page says: Send ADA to this address, once done please submit the address that you sent the ADA from
3 - Page says request submitted. Once the transaction’s block has x confirmations, the token will be sent to your address
4 - Website backend, through API calls to the blockchain using https://blockfrost.io/ (or cardano-db-sync), searches for the transaction to validate it.
5 - If it is validated, sign the transaction to send the token and submit it to the network.
The problem with point 5 is that the moment I expose the private keys (which are absolutely necessary to make the transaction) to the internet (where the website is hosted), I’m exposing myself to hackers.
Is there a recommendation that you guys can give on how to do this better?
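One way to structure steps 4 and 5 so the web host never holds the payout key is to split the work in two: the internet-facing backend only verifies the payment and enqueues a payout order, and a separate signer process (on a host with no inbound network access) re-verifies the same facts from its own chain view and applies a policy before any key is used. The Python below is an added illustration of that split, not code from the original post; the chain-data dictionaries are constructed and only loosely modelled on Blockfrost's `/txs/{hash}/utxos` response, and the confirmation threshold, address strings and token ids are assumed values.

```python
"""Payout pipeline split so the web tier never touches the signing key.

Web tier: verifies the buyer's ADA payment and enqueues a PayoutOrder.
Signer tier (isolated host): re-verifies independently and applies policy,
so a compromised web tier cannot forge a payout request that gets signed.
Chain-data shape is constructed (loosely after Blockfrost /txs/{hash}/utxos);
verify against the real API before relying on it.
"""
from dataclasses import dataclass

MIN_CONFIRMATIONS = 10  # the "x confirmations" of step 3 (assumed value)


@dataclass(frozen=True)
class PayoutOrder:
    payment_tx: str     # hash of the tx the buyer paid with; also the dedupe key
    buyer_address: str  # address the buyer claims the ADA came from (step 2)
    token_id: str       # which NFT was chosen in step 1


def lovelace_to(outputs, address):
    """Sum the lovelace sent to `address` across a transaction's outputs."""
    total = 0
    for out in outputs:
        if out["address"] == address:
            for amt in out["amount"]:
                if amt["unit"] == "lovelace":
                    total += int(amt["quantity"])
    return total


def verify_payment(order, tx_utxos, tx_block_height, tip_height, sale_address, price):
    """Return None if the payment is acceptable, otherwise a rejection reason."""
    if tip_height - tx_block_height < MIN_CONFIRMATIONS:
        return "not enough confirmations"
    if lovelace_to(tx_utxos["outputs"], sale_address) < price:
        return "underpaid"
    # The claimed sender must actually have funded the tx, so check the inputs
    # rather than trusting the address typed into the web form.
    if order.buyer_address not in {i["address"] for i in tx_utxos["inputs"]}:
        return "claimed sender address is not an input of the tx"
    return None


class SignerPolicy:
    """Runs on the isolated signer host and gates every use of the key."""

    def __init__(self, sale_address, catalogue):
        self.sale_address = sale_address
        self.catalogue = catalogue    # token_id -> price in lovelace
        self.spent_payments = set()   # persist this in real use

    def authorize(self, order, tx_utxos, tx_block_height, tip_height):
        """None means 'safe to sign'; a string is the reason to refuse."""
        if order.payment_tx in self.spent_payments:
            return "payment already redeemed"   # one token per payment
        if order.token_id not in self.catalogue:
            return "unknown token"
        reason = verify_payment(order, tx_utxos, tx_block_height, tip_height,
                                self.sale_address, self.catalogue[order.token_id])
        if reason is None:
            self.spent_payments.add(order.payment_tx)
        return reason
```

Only after `authorize` returns `None` should the signer build, sign and submit the token transaction; the web tier can call `verify_payment` too, but its result is advisory, since the signer's own check is the one that matters.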