+ 3

What can somebody do with an API key?

Isle people say to keep your api key secret/ private. Bbt what harm could someone do if they have ur API key?

18th Oct 2020, 7:28 PM

Ginfio

5 ответов

+ 10

The keyword here is um... "key". You wouldn't hand out copies of your house or car keys to untrusted people or strangers would you? Nor would you share your credentials for SoloLearn, email, Github, or any other password protected account. As it was already stated, there may also be usage restrictions that could be reached by others. While this may not seem like a big deal to someone using free accounts, I guarantee it would matter when there's a cost associated to usage. Then, there's terms of use and potential liability issues to be concerned about from people with nefarious intentions to use your account for illegal purposes while putting you on the hook to blame. Being relaxed about your API Key in professional scenarios could result in hackers stealing sensitive data or money from your own organization. So... that's the general concern about not disclosing your private API keys.

19th Oct 2020, 1:14 AM

David Carroll

+ 6

If you expose your API key, then that API is now usable by anybody, on any site. What if your API can return sensitive information? What if someone likes whatever your API does and just uses your service instead of building their own? What if someone wants to be a jerk and creates an infinite loop that makes calls to your API over and over and brings your service down?

18th Oct 2020, 7:45 PM

Foobatboy

+ 3

An api key is assigned to you. Like anything else thats assigned just to you, you should keep it to yourself. And the harm depends on the api. Plus if you let that slip, there's no telling what other info could be easily nabbed and used against you.

18th Oct 2020, 7:33 PM

Slick