+ 3
Is it okay to expose an API key if it is restricted to HTTP referrer, IP address, android app, or ios app?
I know generally, you shouldn't expose your API key. But what if I restricted it to my own website only (HTTP referrer). Should I worry about it getting stolen as long as it is restricted? Since it is restricted to a specific site, they can't use it anywhere else. right? This is about google youtube API btw.
1 Answer
+ 16
If it is restricted to your website only, it is OK to expose it. No one will be able to use it.