Sprijin Bază de date filme (The Movie Database)
Sprijin → Sprijin API
jsonp & api key security?
postat de către happycrappySTAFFMOD pe data de 22 septembrie 2012 la ora 3:24 PM
Hi,
I was wondering how guarded should my api key be? Is it ok to expose it to my users to be consumed by javascript (ala google maps key)? or should I consider it a private key that should only reside on serverside code?
If its the latter, whats the recommended method to implement a typeahead/autocomplete search?
Thanks
Răspuns de Travis Bell
pe data de 23 septembrie 2012 la ora 12:05 PM
This is always a tricky issue. With any public facing JavaScript project it will be impossible to obfuscate our API key. I realize there is nothing you can do about this.
Just be responsible with it, we offer our API for free so hopefully anyone wishing to use it will simply ask us for a key.
Răspuns de happycrappy
pe data de 23 septembrie 2012 la ora 1:37 PM
thanks!
Răspuns de rclai
pe data de 1 august 2015 la ora 6:22 PM
Travis,
If I expose my API key in the client-side, is someone able to take it and use it somewhere else?
Răspuns de Travis Bell
pe data de 2 august 2015 la ora 10:55 AM
Hi rclai,
Yes, someone would be able to. The thing to keep in mind, which is why we don't generally regard this to be a big problem is that we offer the API for free. Everyone can sign up an account and request a key themselves.
Cheers.
Răspuns de rclai
pe data de 2 august 2015 la ora 6:41 PM
Thanks for the answer. I guess the IP based rate limiting helps relieve this issue too.