I’m conscious when using leaflet.js that anyone can see and steal the API key. Is there a way we can lock it down by domain to stop potential theft?
Is there any improvement on that point yet? I still see difficulties when there is an open app anybody could use my API key.
unfortunately RapidAPI does not support the feature of locking an API key to a domain (referrer). And even that would not be 100% save as anyone could spoof a referrer. Nevertheless we never saw a stolen or misused API key so far. RapidAPI does support key rotation in case you would see any unusual requests (see https://docs.rapidapi.com/docs/keys ).
We’ve sent you some further options for more API key security by mail (should arrive in a few minutes).
Aşağıya yorum ekleyerek tartışmaya katılın: