is there anyway to protect the Bing maps API key from being exposed to the client?
Asked
Active
Viewed 8,703 times
1 Answers
7
Quite simply, no. The client application needs knowledge of the key in order to authenticate with the Bing Maps' servers and, since Javascript code cannot ever be completely obfuscated, it will always be possible for a user to extract your key from the code on the client-side.
There are various methods to obscure your key from human eyes browsing your source code (such as those discussed in the posts listed by Sandeep), but these are effective against only the most casual users - it is a trivial matter to use tools such as Firebug to reveal the key for any user so motivated to do so.
Alastair Aitchison
- 3,532
- 1
- 16
- 15
-
3If you only use the REST API you can proxy the calls through your web server (allowing you to add the API key on your web server). Also, [ArcGIS](http://www.arcgis.com/) Bing maps integration seems to somehow remove the need to put the API key in javascript, but I am not sure how, so it seems possible. – gregjhogan Jan 07 '15 at 03:57
-
I'm having a hard time understanding what the point of the key is if it can be easily stolen. I've explored the REST API a little so I can hide the key on the servers like @gregjhogan suggests, but it seems the REST API functionality is significantly reduced compared to what the Client Side V8 Web Control is currently providing. The only problem is that if I use the Client Side V8 Web Control, then as Aitchison says, I can no longer protect the key. – Shawn Eary Jul 30 '20 at 21:59
-
BTW: Google Maps seems to have the same issue... https://stackoverflow.com/questions/1364858/what-steps-should-i-take-to-protect-my-google-maps-api-key – Shawn Eary Jul 31 '20 at 14:30