Third-party APIs security issue

in the example off the mapquest it say that some api require developer to has a key

but if i inspect the code i could get the developer key so is that possible that i use that developer key to do bad stuff or there are other security measure that i missed here

i mean the key is still available in the code that sent to the browser

and the newyork and youtube example has the same issue

hope someone help me here and have a nice day

Hello @chrisdavidmills

could you help me here :slight_smile:

thanks and have a nice day

@justsomeone this is a good question! Yes, just having your security key available in the JavaScript source is not necessarily a good idea. In a real production app, you’d hide it in some way, for example by having it stored in a text file not accessible from the web, and using your code to grab it from there.

thanks a lot @chrisdavidmills :slight_smile: