Risks of exposing the api key

2 posts / 0 new
Last post
nnido_developers
Risks of exposing the api key

Hi!

We’re making an app with the free plan. We're planning to use the api on a serverless app to do reverse geocoding and show a map and I wanted to know what are the risks of the api key being exposed in this case, and what are the best practices recommended for this kind of use.
Should I secure the key using a proxy? What would happen if someone stole the api key and exceedeed the 15.000 quota? would we start to be automatically charged, would the api stop working, would we receive a notification? Thank you!


MQBrianCoakley
You can use a proxy to add a
You can use a proxy to add a key to a request from the app. Several users already do this. Otherwise, the key sits in the html/javascript code and can be found. We are not aware of any stolen/abused keys but it could be done and if the key is used outside the app, transactions will be counted as they were from the app. Once the transaction quota is hit, the requests with that key will get an error message response. Choosing an overage plan is handled differently until the top plan is in place. If the key uses the transactions for the top plan, error messages will be returned.