I'm looking at the following guide: https://developers.google.com/youtube/v3/getting-started
The first step of interacting with YouTube's API is:
You need a Google Account to access the Google Developers Console, request an API key, and register your application.
And they continue on to show an example where they use the key:
URL: https://www.googleapis.com/youtube/v3/videos?id=7lCDEYXw3mM&key=YOUR_API_KEY &part=snippet,contentDetails,statistics,status
I have a client-side application which is used by many people. The application issues search requests to YouTube's API. YouTube's API has a request limit of 50 million requests per day.
Since it's a client-side application, my API key is embedded into the code.
Today, a malicious user scripted something to max out the requests:
I'm wondering what recourse I have to be able to defend against this sort of activity. Is my only option to host a server, route all needs for YouTube's API through my server, and deny requests when they come too frequently?
I have real concerns about implementing something like that. It would effectively double the wait time for every API request and also tax the server a seemingly unnecessary amount, but perhaps it is needed.
Do I have any other options available to me?
Thanks
Don't think it is a malicious user. I think something's wrong on YouTube's side, since I'm seeing exactly the same issue with API requests made from my app
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With