I have an issue with google map API key, which is perfectly working when we are using this key in india ( with accurate locations ) but when it comes to Kenya it doesn’t. Though the Key is generated with Kenya’s account.
What might be the issue?
Thanks
Related
I'm working on a react project in team. We are using a few third party services and these services require api keys. Right now We are storing these key right in the code. As I know It's not good and dangerous.
I tried to find some recommendations in that regard. All ways to solve this problem I see now are:
create .env file and store all key there (but in this case I need to share my keys with other members of the team)
or move all keys to server and always make a calls to the server in order to get required information (but in this case I have no idea how to work with external components which are require keys, for example google maps/places/drawing and so on).
Which way are you using in your team and why? I would like to understand what's the best solution for me.
Thanks!
You cannot really hide an API key used for a client-side API such as JavaScript API and its services. The right way to secure your API key is to add API key restrictions.
Check out Google's guide on API Key Best Practices. You may also want to have a look at this answer.
Hope this helps!
On the API console, I only see the API key for self-use. But the most of the documentation makes a reference to a secret key either while forming the CB-ACCESS-SIGN or initializing an auth object.
Should I instead create an OAuth application even if it's for self-use? Appreciate any help.
Finally found out that Coinbase only shows you the secret once during the key creation. If you don't save it, then you would have to delete the existing one and recreate it, which is what I did to solve this issue.
I'm looking at using the Angular Azure Mobile Service Client for a project, I saw this sample code:
angular.module('your-module-name').constant('AzureMobileServiceClient', {
API_URL : 'https://<your-api-url>.azure-mobile.net/',
API_KEY : '<your-api-key>',
});
Is it safe to use the API Key in an AngularJS app like this (or any JavaScript based client)? I'm unsure what someone could potentially do if they had this key?
Found this in the Azure Mobile Services documentation:
With default permissions, anyone with the app key may call the custom
API. However, the application key is not considered a secure
credential because it may not be distributed or stored securely.
Consider restricting access to only authenticated users for additional
security.
It is'Safe' depending on what you are trying to do. Javascript and any keys in it can be read by everyone. This is key is not meant to be used as a password to access important information. Instead it is made to prevent malevolent abuse of your application.
For example if someone is trying to log in 1,000 times per second with every possible password/username combination, they are submitting this key with each request. So you could throttle, or block anyone using this key. Then you would issue a new key to your apps. If you have a system for issuing those keys you might even identify the person that was doing it.
It can stop DDOS, Bruteforce, and some other abuses
I wonder how we can renew the Amazon merchant API key.
Is there an API call for this, or what is the procedure?
I googled a great amount but only find the procedure to request the first key, which does not work anymore if you are already using the API
We have the old data and are using them but it was compromised, so we need at least a new secret key.
Is this even possible?
There is a forum message which seems to answer it https://sellercentral.amazon.com/forums/message.jspa?messageID=3015879
"Yes, you can change your MWS secret key. Whenever you want to do that we will delete your MWS secret key from our end, and then you can sign up for MWS again to get new secret key through this link
https://developer.amazonservices.com/index.html/182-5557423-3858158 "
There is now no way to reset your own keys (that I can see). Instead you need to contact MWS support and ask them to do it for you.
This can be done via:
https://sellercentral.amazon.com/gp/mws/contactus.html
https://sellercentral-europe.amazon.com/gp/mws/contactus.html
If you put something like "URGENT - MWS Keys Compromised" in the subject line then they should respond quickly!
I am trying to run the sample application of DrEdit given in the Google Drive API page on my appspot domain. I am unable to do it.
I am confused on how to create the key for the web application. What should be filled in the "Web origin" and what should be filled in "redirect_url".
If i put "http://www.my-domain-name.appspot.com" in both the fields to generate the key. It gives a redirect_url mismatch error.
The redirect_url created in the older google api website is different because it creates a redirect_url of "my-domain-name.appspot.com/ouath2callback"(I haven't put www as i don't have enough reputation :p). i am confused on what to be put in the respective fields while creating the key.
Please Help.
Thanks,
Gaurav
You need to have "http://www.my-domain-name.appspot.com" registered as a redirect URI on API Console.