I've seen services like Google that require you add an API key when making a javascript call, like this.
https://www.google.com/jsapi?key=thekeygoeshere
What's the point of having this javascript api key when the code can be seen and the key can be read. Can't someone just copy this key and use it for their own site? Or is there something else that they do in the background to ensure that the key belongs to the site making the call?
An API key is usually a unique string of letters and numbers. In order to start working with most APIs, you must identify yourself (register) and get an API key. You will need to add an API key to each request so that the API can recognize you.
The only way to hide it is to proxy your request through your own server. Netlify Functions are a free way to add some simple backend code to a frontend app. This is this method I used while learning to program in college, where I needed to share my progress with my peer group without disclosing my API keys.
There are a several reasons why your google maps may not be working, the most common issue being no Google Map API key set or set incorrectly. To use the Google Maps JavaScript API, you must register your app project on the Google Cloud Platform Console and get a Google API key which you can add to your app.
Presumably they check the referer HTTP header.
The majority of users send it. So if is:
The majority of visitors to a site using the wrong key will get blocked, so it won't be worth using the wrong key on the site in the first place.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With