0

I've built an app with vanilla JavaScript that searches for nearby dogs to adopt. It uses the Petfinder API, which is free. Anyone can request one. After doing some research, I've found that you cannot hide your API key and secret (without your own server, if that's correct).

So should I just go ahead and publish this website? I'm buying a domain for it and using my existing hosting. Are there any risks with having this info out there? The app does not take in any personal information. Just searches dogs by zip code and distance, and displays info about the dog and where to contact.

I'm a beginner with this stuff, as this is my first API project.

tneilson08
  • Doesn't seem like key has any limitations on it, https://www.petfinder.com/api-terms-of-service/. So I guess nothing would happen. Generally a key would have a limit of X requests in some duration (1 minute, 1 hour), and X requests over some period (1 day, 1 week). So you wouldn't want other users using your key in those scenarios because your requests and theirs would max out quicker. – user3783243 Jan 17 '21 at 19:47
  • **without your own server, if that's correct** then why don't you use your own server? Of course no one is going to be able to see your API key if you are sending the request from the server side. How are you going to "publish" the website without a server? Perhaps you mean a server will host your static `HTML` and `JS` files. – Countour-Integral Jan 17 '21 at 19:51

2 Answers

1

Not hiding your API key and secret may result in others using your API for free, which is possible abuse to you if you paid for it.

Attackers might use your credentials for an attack and the blame goes on you.

If the API you use works on GET requests and is a feature of some public application, others can easily get your API key anyway.

Given the nature of API you're using, hiding the API key might not be necessary.

amankrokx
0

Anyone that can get to your API key and secret can then access that API and pretend to be you.

halfpastfour.am
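The server-side approach raised in the comments on the question, as an added example that is not code from any of the posts above: a small Node proxy keeps the key and secret in environment variables, exchanges them for a short-lived token, and forwards only a validated zip code and distance. The Petfinder v2 endpoint paths, the `PETFINDER_ID`/`PETFINDER_SECRET` variable names, the `/dogs` route, port 8080 and the distance bounds are assumptions made for this sketch.

```javascript
// Added example: the secret stays on the server; the browser calls /dogs only.
const API = 'https://api.petfinder.com/v2'; // assumed Petfinder v2 base URL
let cached = { token: null, expires: 0 };

// Exchange key + secret for a bearer token and cache it until near expiry.
async function getToken(creds, fetchImpl = fetch, now = Date.now()) {
  if (cached.token && now < cached.expires - 30_000) return cached.token;
  const res = await fetchImpl(`${API}/oauth2/token`, {
    method: 'POST',
    body: new URLSearchParams({ grant_type: 'client_credentials',
      client_id: creds.id, client_secret: creds.secret }),
  });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  const { access_token, expires_in } = await res.json();
  cached = { token: access_token, expires: now + expires_in * 1000 };
  return access_token;
}

// Forward only the two inputs the app needs, after validating them.
function buildSearchUrl(params) {
  const zip = params.get('zip') ?? '';
  const distance = Number(params.get('distance') ?? 25);
  if (!/^\d{5}$/.test(zip)) throw new RangeError('zip must be 5 digits');
  if (!Number.isInteger(distance) || distance < 1 || distance > 500)
    throw new RangeError('distance must be 1-500'); // assumed bounds
  return `${API}/animals?` + new URLSearchParams({ type: 'dog', location: zip, distance });
}

async function searchDogs(params, creds, fetchImpl = fetch) {
  let url;
  try { url = buildSearchUrl(params); }
  catch (e) { return { status: 400, body: { error: e.message } }; }
  try {
    const token = await getToken(creds, fetchImpl);
    const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
    return { status: res.status, body: await res.json() };
  } catch { return { status: 502, body: { error: 'upstream request failed' } }; }
}

// Start the proxy only when credentials are present in the environment.
if (process.env.PETFINDER_ID && process.env.PETFINDER_SECRET) {
  const creds = { id: process.env.PETFINDER_ID, secret: process.env.PETFINDER_SECRET };
  import('node:http').then(({ createServer }) => createServer(async (req, res) => {
    const { pathname, searchParams } = new URL(req.url, 'http://localhost');
    const out = pathname === '/dogs' ? await searchDogs(searchParams, creds)
      : { status: 404, body: { error: 'not found' } };
    res.writeHead(out.status, { 'Content-Type': 'application/json' });
    res.end(JSON.stringify(out.body));
  }).listen(8080));
}
```

The front-end then requests `/dogs?zip=...&distance=...` from its own origin, and rate limiting can be added at this proxy so other sites cannot spend the key's quota through it.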