Поддръжка на The Movie Database
Поддръжка → API поддръжка
API Key and JavaScript
публикувана от lucrusSTAFFMOD на 28 януари 2017 в 3:26 AM
I'm developing a little website that makes use of TMDB data. It should let users search the TMDB database with a JavaScript function, but that would require me to send the API key to the browser, making it ultimately available to anyone, and I'm concerned about security. Is it a common practice for TMDB JavaScript clients to hold the API key? Are there any better practices for TMDB JavaSript development?
Отговор от Travis Bell
на 28 януари 2017 в 11:04 AM
Yes, there's not going to be much you can do. We don't worry too much about this. Since we offer our service for free, there really isn't much of a reason to steal someone else's key. Having said that of course, if you feel like your key was stolen and has activity on it that isn't yours, we can always shut it down and issue another.
Отговор от lucrus
на 29 януари 2017 в 5:02 AM
In this case, from your point of view, you have a rate limit in place, so the worst you can face is a key revocation and issue of another one. From my point of view, it would be a DoS. I think I'll move the TMDB code on the server and provide my clients with my own webservices then. Thanks for the help.