+ 3

Is it okay to expose an API key if it is restricted to HTTP referrer, IP address, android app, or ios app?

I know generally, you shouldn't expose your API key. But what if I restricted it to my own website only (HTTP referrer). Should I worry about it getting stolen as long as it is restricted? Since it is restricted to a specific site, they can't use it anywhere else. right? This is about google youtube API btw.

30th Nov 2021, 6:02 PM
Ginfio
Ginfio - avatar
1 ответ
+ 16
If it is restricted to your website only, it is OK to expose it. No one will be able to use it.
1st Dec 2021, 5:38 AM
Igor Makarsky
Igor Makarsky - avatar