top | item 47163945

(no title)

michaelt | 3 days ago

Keys could have certain restrictions [1] such as HTTP Referer, which meant you couldn't just embed a map on your website and charge a different website for the views.

Not perfect protection of course - an attacker could spam requests with all the right headers if they wanted to - but it removes one of the big motivations for copying someone else's API key.

[1] https://docs.cloud.google.com/api-keys/docs/add-restrictions...

discuss

voidUpdate|3 days ago

I was thinking more maliciously targeting the developer and running up a huge bill than reusing their key for your use