我应该保密我的 Blogger 浏览器应用程序 API 密钥吗? [英] Should I keep my Blogger browser-apps API key a secret?
问题描述
参考下图中突出显示的 API 密钥,我想知道用于浏览器应用程序的 Blogger API 密钥是否应该保密.
Referring to the highlighted API key in the below image, I am wondering if the Blogger API key that's used for browser apps should be kept secret.
我之所以这么问是因为我打算写一篇关于在 JavaScript 中使用 Google Blogger API 的博客文章,并且希望公开提供一个使用该 API 的工作示例(以及代码示例中的 API 密钥)在 jsFiddle 上.
The reason I ask is because I'm planning to write a blog post about using the Google Blogger API in JavaScript and would have liked to provide a working example using the API (along with the API key in a code example) publicly on jsFiddle.
这是我在文档中找到的内容(突出显示的值得注意的部分):
This is what I've found in the documentation (highlighted notable section):
[...] 当您的应用程序需要调用在此启用的 API 时项目,应用程序将此密钥传递到所有 API 请求中作为key=API_key 参数.使用此密钥不需要任何用户行动或同意,不授予访问任何帐户信息的权限,不用于授权.
[...] When your application needs to call an API that's enabled in this project, the application passes this key into all API requests as a key=API_key parameter. Use of this key does not require any user action or consent, does not grant access to any account information, and is not used for authorization.
那么我认为我可以公开共享此 API 密钥而不会冒着有人用它进行恶意行为的风险是否正确?
So am I right to assume that I can publicly share this API key without running the risk of having someone do a malicious act with it?
推荐答案
虽然不能单独通过密钥获得帐户信息、身份验证和其他东西,但它用于将 API 调用链接到 Google 项目.
While no account information, authentication and other stuff can be obtained by the key alone, it's used to link API calls to a Google Project.
如果密钥是公开可用的,人们可以用它发出请求,Google API 会将请求链接到您的 Google 项目.这可能使恶意用户能够使用此密钥发送垃圾邮件请求,从而可能使您的帐户达到每日请求配额.
If the key is publicly available people could do requests with it and the Google API would link the requests to your Google Project. This could give malicious users the ability to spam requests with this key, probably making your account hit the daily request quota.
最终取决于您,但建议不要公开您的 API 密钥.
In the end it's up to you, but it's recommended not to make your API key public.
这篇关于我应该保密我的 Blogger 浏览器应用程序 API 密钥吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
