Reputation: 587
Is it secure to expose google shortener api key in code
I am using google shortener to generate a short URL, the long URL doesn't have any secret data, also the website is fully public. there is any risk to put my API key in the source code for my app
Upvotes: 0
Views: 83
Answers (1)
Reputation: 2375
You probably don't want to do that. If you put the API key in the source code, others will be able to call the Google API as you. From the getting started doc:
"By default, your registered project gets 1,000,000 requests per day for the URL Shortener API (see the Developers console for more details)."
This exposes you to a denial of service - if a malicious entity decides they don't like you, they can grab your source, make 1M short URL requests as you, and you will be unable to make the requests yourself.
Upvotes: 1
Related Questions
- Is it safe to distribute client_id and client_secret for Google API for an installed application?
- Exposing oAuth 2.0 client ID and API key for Google API
- Is it safe to have visible Google Drive API keys in Javascript?
- Is having the client id and client secret in code a security risk?
- firebase and google shortener with the same API key
- Google API Key failed on google urlshortener api
- Using Google URL Shortner API for Web Browsers
- Security: google client secret in app source code safe?
- google url shortener not working with api key via curl in console
- Should the google api key be private?