I use the map element provided by bubble.
However, I would like to use the Maps JavaScript API with some HTML elements to display the map.
I have a problem.
The problem is that with the Maps JavaScript API, the API KEY can be viewed by anyone using the developer tools.
HTTP referrer restrictions can control API abuse to some extent, but they are not perfect.
Does anyone know of a way to completely hide the API KEY when using the Maps JavaScript API with HTML elements and still be safe?
Hey @yuta , check this doc: Security reference - Functionality Reference
Thanks, I’ll look into it properly.
Why you think HTTP referrer is not perfect? I am curious. @yuta
I checked and it seems that HTTP referrer can be easily forged.
Even if you have it configured to only accept API requests from A.com,
If someone is familiar with the program, he/she can forge the HTTP referrer to make it look like the API request is coming from A.com, even though he/she is accessing from B.com.
It seems that the API can be used fraudulently in that way.
Can you share some example or some article where people has done that?
This topic was automatically closed after 70 days. New replies are no longer allowed.
