Home > Blockchain >  How do I prevent the Google API from being used by others?
How do I prevent the Google API from being used by others?

Time:02-14

I'm going to make a project using the Google translate api and I'm thinking of uploading this project to a server and just sharing it with my friends. But unfortunately the Api Key that I will use in the project can be accessed clearly in the JavaScript file. This is a very bad situation. To prevent this, I have limited the Google Cloud Api and as far as I understand it is only allowed to be used on the links I allow. It cannot be used on other links. Now my main question is, is this method enough to protect Api from malicious people? Do I need to do anything else? Thank you in advance for your answers.

CodePudding user response:

Best practice in these cases is to use .env files to keep data like API keys private.

CodePudding user response:

You have to create a server for that which will perform OAuth and then send an API request to google.

You can get help about how to implement OAuth from this topic provided by google: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow

If you send/attach your API key in frontend like javascript which is basically a frontend language then it can be used to:

  • Send fake requests which will use all of the bandwidth etc.
  • Related