7

I have an application I'm developing that's pure javascript and consumes the Stack API. My API key is embedded in the source which anyone could read. Is this safe?

Improve this question

1 Answer 1

Reset to default
7

Yes.

Your API key identifies your application for stat tracking purposes more-so than security purposes. It is safe to leave in a plain text, user readable, format.

Improve this answer

3 Comments

that's what I figured, since it's being passed around in querystring and headers. Thanks for confirming.
@Soviut - no problem. I've realized that maybe we shouldn't have called it a "key" (in v1, anyway) but we're stuck with the terminology now. Maybe "app id" would have been better...
@Kevin Montrose I have seen a trend toward "app id" as the new lingo.

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.