Solution retrospective
Any suggestions or improvements are welcome!
Community feedback
- @FarisPalayi posted about 3 years ago
Good job on this one 👍
The API keys should be hidden. So, if you can, try to do that. I guess that you are not using a paid API service, so it'll not be a big problem. The worst that could happen is that your site will be broken and unusable (I think 🤔 that's the worst).
But, whenever using a paid API, API keys must be hidden, because it can lead to losing your money from your account. And it is really easy to exploit if you know the API key. If I need to break your site now, all I need to do is create a for loop with a lot of requests to that API with your API key. Every API service will have a limit on how many requests can be done. What they do after the requests exceed the quota depends on the API service. (Some ban the account. Some generate an error message, and any requests will fail until the request rate falls under the limit, etc.)
There are multiple methods to hide API keys. For example, by using environment variables or using serverless functions. (You can just google it to see how to do that.)
Also, if you are gonna hide this site's API key, first you need to change it, because: 1 - It is exposed to the whole world. 2 - Even if no one saw this, it can be accessed via history since it is already uploaded to GitHub.
Nowadays, major API service providers do a lot of work to minimize this kind of damage by using a lot of methods like the principle of least privilege and stuff like that. But it's always good to hide/secure your API keys. And it is a must when you are using paid APIs.
Hope all of this made sense. And also, don't feel pressured to do anything just because I said so :).
Have fun coding ✨
Marked as helpful
- @AikeNyanLynnOo posted about 3 years ago
@FarisPalayi Thank you for your kind suggestion! I will fix it
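The approach the feedback above recommends, written out as an added example that is not code from the reviewed solution or from Frontend Mentor: a serverless-style proxy that reads the key from an environment variable, forwards a validated query upstream, and rate-limits each client so the proxy itself cannot be used to exhaust the quota. The upstream URL, the `q` query parameter, the `API_KEY` variable name, and the request/response object shapes are assumptions chosen for illustration.

```javascript
// Added example, not code from the reviewed solution: keep the API key on the
// server in an environment variable and let the browser call this proxy instead.
// Assumptions for illustration: the upstream URL, the `q` query parameter, the
// `API_KEY` variable name, and the request/response object shapes.

const UPSTREAM_BASE = "https://api.example.com/v1/search"; // assumed upstream endpoint

// Accept only a short, plain query from the client so the proxy cannot be used
// to reach other upstream paths or smuggle extra parameters.
function validateQuery(q) {
  if (typeof q !== "string") return null;
  const trimmed = q.trim();
  if (trimmed.length === 0 || trimmed.length > 64) return null;
  if (!/^[\p{L}\p{N} '-]+$/u.test(trimmed)) return null;
  return trimmed;
}

// Build the upstream request. The key is read from the environment at call time
// and sent as a header, never in the URL, so it stays out of access logs.
function buildUpstreamRequest(q, env) {
  const apiKey = env.API_KEY;
  if (!apiKey) throw new Error("API_KEY is not configured");
  const url = new URL(UPSTREAM_BASE);
  url.searchParams.set("q", q);
  return { url: url.toString(), headers: { Authorization: `Bearer ${apiKey}` } };
}

// Fixed-window limiter keyed by client id (e.g. IP). Hiding the key stops direct
// use of it, but callers could still burn the quota through the proxy, so cap
// how many requests each client gets per window.
function createRateLimiter({ limit, windowMs, now = () => Date.now() }) {
  const buckets = new Map();
  return function allow(clientId) {
    const t = now();
    const b = buckets.get(clientId);
    if (!b || t - b.start >= windowMs) {
      buckets.set(clientId, { start: t, count: 1 });
      return true;
    }
    if (b.count >= limit) return false;
    b.count += 1;
    return true;
  };
}

// Handler in the shape many serverless platforms use: request in, response out.
// `env`, `fetchImpl` and `allow` are injected so it runs without network access.
function createHandler({ env, fetchImpl, allow }) {
  return async function handle(req) {
    if (!allow(req.ip)) {
      return { status: 429, body: { error: "too many requests" } };
    }
    const q = validateQuery(req.query && req.query.q);
    if (q === null) {
      return { status: 400, body: { error: "invalid query" } };
    }
    let upstream;
    try {
      upstream = buildUpstreamRequest(q, env);
    } catch {
      // Misconfiguration is a server-side problem; do not echo details to the client.
      return { status: 500, body: { error: "service misconfigured" } };
    }
    const res = await fetchImpl(upstream.url, { headers: upstream.headers });
    if (!res.ok) {
      // Upstream error bodies may mention the key or account; return a generic error.
      return { status: 502, body: { error: "upstream error" } };
    }
    return { status: 200, body: await res.json() };
  };
}

// Stand-alone demo with a fake fetch (no network), e.g. `API_KEY=... node proxy.js`.
if (typeof require !== "undefined" && require.main === module) {
  const fakeFetch = async () => ({ ok: true, json: async () => ({ results: ["constructed sample"] }) });
  const handle = createHandler({
    env: { API_KEY: process.env.API_KEY || "constructed-demo-key" },
    fetchImpl: fakeFetch,
    allow: createRateLimiter({ limit: 5, windowMs: 60000 }),
  });
  handle({ ip: "203.0.113.5", query: { q: "london" } }).then((r) => console.log(JSON.stringify(r)));
}
```

The browser-side code then calls the proxy with only the query, and the key exists solely in the deployment's environment configuration. As the comment notes, a key that has already been committed must still be rotated, because removing it from the current files does not remove it from the repository history.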