Pinata - how to use private key

I want to use pinata. Is there any way I can use it without using my back-end service ?

The reason I am asking is becuase I don’t have the back-end service and I need to directly use it in my front-end. Pinata gives me the private key, but if I put it in the front-end, it’s visible to the whole world.

Sure, I can put the key in the continous integration place, where it will be injected from there, but as you know, it can still be visible, but only harder to get for malicious users, but still possible to get.

Any idea how you guys solve this ?

Sorry, I don’t know why you want to use the Pinata in front-end, your private key is yours. if you put your private key in the front-end, anyone can put some things to your Pinata space and it’s not safe.
So, What do you want to do using the Pinata?

Pretty Simple.

I want users to be able to upload stuff on my website which never should get removed. So I guess the only choice is I should upload the data to my node.js server and then I will pin it from there to pinata. Correct ?

Yes, although you should be able to tell Pinata to fetch the data from the end-user.