我应该对我的Blogger浏览器应用API密钥保密吗? [英] Should I keep my Blogger browser-apps API key a secret?

问题描述

请参考下图中突出显示的API密钥，我想知道用于浏览器应用程序的Blogger API密钥是否应该保密.

Referring to the highlighted API key in the below image, I am wondering if the Blogger API key that's used for browser apps should be kept secret.

我问的原因是因为我打算撰写一篇有关在JavaScript中使用Google Blogger API的博文，并且希望公开提供一个使用该API的有效示例(以及代码示例中的API密钥)在jsFiddle上.

The reason I ask is because I'm planning to write a blog post about using the Google Blogger API in JavaScript and would have liked to provide a working example using the API (along with the API key in a code example) publicly on jsFiddle.

这就是我在文档中找到的内容.(突出显示的部分):

This is what I've found in the documentation (highlighted notable section):

[...]当您的应用程序需要调用此功能中启用的API时项目，应用程序将此密钥作为key = API_key参数.使用此密钥不需要任何用户行动或同意，不会授予访问任何帐户信息的权限，并且不用于授权.

那么我是否可以假设我可以公开共享此API密钥而不会冒有人进行恶意操作的风险呢?

So am I right to assume that I can publicly share this API key without running the risk of having someone do a malicious act with it?

推荐答案

尽管仅通过密钥无法获得帐户信息，身份验证和其他内容，但它用于将API调用链接到Google Project.

While no account information, authentication and other stuff can be obtained by the key alone, it's used to link API calls to a Google Project.

如果密钥是公开可用的，人们可以使用它进行请求，并且Google API会将请求链接到您的Google Project.这可能使恶意用户可以使用此密钥向垃圾邮件发送请求，可能使您的帐户达到每日请求配额.

If the key is publicly available people could do requests with it and the Google API would link the requests to your Google Project. This could give malicious users the ability to spam requests with this key, probably making your account hit the daily request quota.

最后由您自己决定，但建议不要公开您的API密钥.

In the end it's up to you, but it's recommended not to make your API key public.

这篇关于我应该对我的Blogger浏览器应用API密钥保密吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！