4

I know this may come off as a very noob question.

I'm using Leaflet JS for mapping purposes in my application. For the mapping tile providers, I setup both MapQuest and Cloudmade. Both of them have a format similar to 

tileserver.com/SOME_PARAMS/API_KEY/TILE_NUMBERS

to fetch the appropriate tiles to show in the map container.

What I'm confused is how can I keep the tiling javascript API key hidden from end users?

Bornfree
  • 868
  • 7
  • 21
  • 1
    See Justin's answer to this similar question: http://stackoverflow.com/questions/31611072/how-to-secure-the-javascript-api-access-token – PeterS Aug 24 '16 at 11:13

1 Answers1

0

Generally this isn't possible: even if you were to write some JavaScript to obfuscate that value, anyone could just right-click on a tile and see the API key in its URL.

tmcw
  • 11,536
  • 3
  • 36
  • 45