Is it safe to use my Flickr API key in client-side JavaScript?

Question

I want to use the Flickr API method flickr.photos.search in JavaScript, to search for all my photos with a specific tag:

http://api.flickr.com/services/rest/?method=flickr.photos.search&api_key={API_KEY}&user_id=50001188%40N00&tags=fazynet&format=rest

(To make it work, change {API_KEY} to a valid Flickr API key.)

My question is: Is it safe to include that key in client-side JavaScript?

I've seen some tutorial sites doing it, but what's to stop someone copying their API key (or mine) and going over the rate limits?

Of course, I could set up a very simple proxy running in Node.js that inserts the key (probably even Apache or Nginx could do it), but it's one more thing to set up and monitor.

If there's a safe, pure JavaScript solution, I'll take that please. :)

Note, I am currently using this query which requires no authentication:

http://api.flickr.com/services/feeds/photos_public.gne?id=50001188@N00&tags=fazynet&format=json

However, the results appear to be no longer reflecting changes (after at least a 24-hour wait).

Answer 1

There isn't a pure JavaScript method to achieve this I'm afraid, you will have to create a server-side script to perform the API call and call that script instead.