保护客户端应用程序中的YouTube v3 API密钥 [英] Protecting YouTube v3 API key in a client-side application
问题描述
我正在查看以下指南:和 https://developers.google.com/youtube/v3/revision_history 前进。
I'm looking at the following guide: https://developers.google.com/youtube/v3/getting-started
The first step of interacting with YouTube's API is:
You need a Google Account to access the Google Developers Console, request an API key, and register your application.
And they continue on to show an example where they use the key:
URL: https://www.googleapis.com/youtube/v3/videos?id=7lCDEYXw3mM&key=YOUR_API_KEY &part=snippet,contentDetails,statistics,status
I have a client-side application which is used by many people. The application issues search requests to YouTube's API. YouTube's API has a request limit of 50 million requests per day.
Since it's a client-side application, my API key is embedded into the code.
Today, a malicious user scripted something to max out the requests:
I'm wondering what recourse I have to be able to defend against this sort of activity. Is my only option to host a server, route all needs for YouTube's API through my server, and deny requests when they come too frequently?
I have real concerns about implementing something like that. It would effectively double the wait time for every API request and also tax the server a seemingly unnecessary amount, but perhaps it is needed.
Do I have any other options available to me?
Thanks
This was due to a quota cost increase, it's temporarily reverted. We'll announce cost changes in http://apiblog.youtube.com/ and https://developers.google.com/youtube/v3/revision_history going forward.
这篇关于保护客户端应用程序中的YouTube v3 API密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!