Should I keep my Blogger browser-apps API key a secret?

☆樱花仙子☆ 提交于 2021-01-27 17:36:32

问题


Referring to the highlighted API key in the below image, I am wondering if the Blogger API key that's used for browser apps should be kept secret.

enter image description here

The reason I ask is because I'm planning to write a blog post about using the Google Blogger API in JavaScript and would have liked to provide a working example using the API (along with the API key in a code example) publicly on jsFiddle.

This is what I've found in the documentation (highlighted notable section):

[...] When your application needs to call an API that's enabled in this project, the application passes this key into all API requests as a key=API_key parameter. Use of this key does not require any user action or consent, does not grant access to any account information, and is not used for authorization.

So am I right to assume that I can publicly share this API key without running the risk of having someone do a malicious act with it?


回答1:


While no account information, authentication and other stuff can be obtained by the key alone, it's used to link API calls to a Google Project.

If the key is publicly available people could do requests with it and the Google API would link the requests to your Google Project. This could give malicious users the ability to spam requests with this key, probably making your account hit the daily request quota.

In the end it's up to you, but it's recommended not to make your API key public.



来源:https://stackoverflow.com/questions/16147291/should-i-keep-my-blogger-browser-apps-api-key-a-secret

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!