Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
godsplane2021-09-26 21:57:24
JavaScript
godsplane, 2021-09-26 21:57:24

Is it safe to use google API key in source code?

I use the fullcalendar library to embed a google calendar on a website. Following the example of this library, I display the calendar like this:

var calendar = new FullCalendar.Calendar(calendarEl, {
    googleCalendarApiKey: 'AIzaSyD36ывввwuRpu8iq7qTl90W6FPvLJDTc',
    initialView: 'timeGridWeek',
    locale: 'ru',
    slotMinTime: '07:00:00',
    slotMaxTime: '23:00:00',
    slotDuration: '01:00:00',
    allDaySlot: false,
    nowIndicator:true,
    slotLabelFormat: {
      hour: 'numeric',
      minute: '2-digit',
      omitZeroMinute:false,
     
      meridiem: 'short'
    },

    expandRows:true,
    eventSources: [
      {
        googleCalendarId: 'h5uvфывфpfmdrsйцу[email protected]йцуar.google.com'
      }

    ]
  });


That is, anyone can see the calendar ID and API key. Is it possible to do this and is it safe? If not, how to hide this key correctly?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
G
Gennady S, 2021-09-26
@gscraft

First, you won't hide anything that's passed from the client side, no matter where it's stored. Such keys are usually public and have no risk of theft. Let's say they are tied to a domain, and for private operations they require separate authentication / authorization. Secondly, storing any settings in the source code is a bad idea anyway. All changeable values ​​must be placed in the configuration file. Because the code must be redistributable (sent in versions, used in other projects, used in other conditions, etc.). If you do not have a faucet and do not want to complicate the code base, then at least in a separate, included JS file.
PS Another point, if we are talking about the key that is obtained as a result of authentication with Google, then the application must allow local user login, you cannot bind the application to authentication globally. In rare cases, when such a need arises, it is necessary to create a bridge for the server part, to which to delegate any operations with the private part of the API.

Similar questions
K
kirillantv2017-10-05 11:53:54
How to group messages by subject, sender and recipient? 3Reply
T
turbogreddy2017-10-10 20:24:54
How to convert native path of format \Device\HarddiskVolume3\my_file.exe to Win32 format? 2Reply
S
Shredinger422020-02-26 19:03:08
How to implement authorization in mail.ru on fuel kotlin? 1Reply
V
Viktor Batienko2020-03-01 08:19:15
How to add reference to System.Configuration? 3Reply
P
PetroPetrivich2020-03-02 22:13:56
A Google Drive client that can run as a service (without user login) under Windows Server 2003 (2008)? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question