top | item 44377777

(no title)

iaresee | 8 months ago

Whoa. Who at Google thought providing this as an example of how to test your API key was a good idea?

This is shown at the top of the screen in https://aistudio.google.com/apikey as the suggested quick start for testing your API key out.

Not a great look. I let our GCloud TAM know. But still.

discuss

nickysielicki|8 months ago

it's wrapped in TLS, is ok.

unknown|8 months ago

[deleted]

asadm|8 months ago

What's wrong here?

iaresee|8 months ago

Don't put your API keys as parameters in your URL. Great way to have them land in server logs, your shell history, etc. You're trusting no one with decryption capabilities is doing logging and inspection correctly, which you shouldn't.