Reputation: 33
Ocp-Apim-Subscription-Key in header of AJAX Bing web search API requests
We're working to switch from Google CSE to Bing's Web Search API.
The Ocp-Apim-Subscription-Key is visible in a request header (called with an AJAX request).
How do we protect it from use by a third party?
(Note: We don't have any experience with Azure tools.)
Upvotes: 2
Views: 784
Answers (1)
Reputation: 2275
You should not be embedding the subscription key into a client-side query. Your search queries should go from the client-> your server -> Bing server and then back the same way.
This information, although on the Image Search page, applies to all Bing Searches:
All requests must be made from a server. You may not make calls from a client.
Although there are some cases where client-side calls are acceptable, such as internal-use cases, client-side is strongly not recommended.
Upvotes: 2
Related Questions
- Trouble finding Ocp-Apim-Subscription-Key for Azure Bing News
- Pass only 1 header instead of Authorization and Ocp-Apim-Subscription-Key in Azure API Management
- Bing Video Search API 401: Access denied due to missing subscription key
- Bing Local Business Search API | Sending a request with Postman
- Search Bing via Azure API using Python
- Unable to Authenticate Account key in Bing web search
- How to pass Bing Search Ocp-Apim-Subscription-Key in an NSURLSession?
- Basic Authentication of Bing Search API
- What are the Ajax authorization headers for a Bing API request?
- Can't figure out how to query Bing/Azure Marketplace API