in the example off the mapquest it say that some api require developer to has a key
but if i inspect the code i could get the developer key so is that possible that i use that developer key to do bad stuff or there are other security measure that i missed here
i mean the key is still available in the code that sent to the browser
and the newyork and youtube example has the same issue
@justsomeone this is a good question! Yes, just having your security key available in the JavaScript source is not necessarily a good idea. In a real production app, you’d hide it in some way, for example by having it stored in a text file not accessible from the web, and using your code to grab it from there.