0

The reason for using an API key has been mentioned in this post(What is an API key?) like this :

"Typically, if you can identify the source of a request positively, it acts as a form of authentication, which can lead to access control. For example, you can restrict access to certain API actions based on who's performing the request. For companies which make money from selling such services, it's also a way of tracking who's using the thing for billing purposes. Further still, by blocking a key, you can partially prevent abuse in the case of too-high request volumes."

The above answer is relevant in case of commercial services but what about services like google recaptcha which is a free service? What is the point in having an API key in this case and why do they provide a public and private key?

Community
  • 1
  • 1
depz123
  • 497
  • 5
  • 18

1 Answers1

1

Valid point. I wish the answer was so that you can see analytics for each of your sites and how many captchas are being displayed, attempted, passed, failed, etc. This would be meaningful information for the website admin. However, I don't believe Google currently provides that information for recaptcha. In this case, I think the answer is so that Google can track that information for their own use, and the reason for the private key might be so people attempting to test programs that break recaptcha must use their own key, making it easier for Google to detect and isolate it, and therefore take measures to change recaptcha to prevent exactly those types of cracks.

TTT
  • 22,611
  • 8
  • 63
  • 69