The iPhone app that I am working on requires GET calls to a 3rd party site’s API. The 3rd party site does not offer SSL and requires the API key be in the GET request’s query string. What is the best way to secure this? I know I can have the iPhone app talk to my server and then have my server send the request, but I would like to avoid that if possible. The other question is whether this is even a big deal. What can they do with the API key anyway if it is only pulling data?
I asked a similar question the other day with regard to the Google Maps API key.
My thought was whether it was worth worrying about someone using my call allowance.
The consensus was that the API is designed to be used in this way, and there’s not a lot you can do about it.
If your API requires your domain name as the referrer header with the API key (Google Maps does), that offers some degree of deterrent I guess.
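The server-relay option raised in the question, as an added example that is not part of either post: the key lives only on the server, which allowlists the endpoints the app may reach, discards any key the client sends, and injects its own. The upstream host, the `api_key` parameter name and the endpoint paths are assumptions made for illustration.

```python
import os
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qsl, urlencode
from urllib.request import urlopen

# Assumptions (not from the original posts): upstream host, key parameter
# name, and the set of endpoints the app is allowed to reach.
UPSTREAM = "http://api.thirdparty.example"
KEY_PARAM = "api_key"
API_KEY = os.environ.get("THIRDPARTY_API_KEY", "constructed-demo-key")
ALLOWED_PATHS = {"/v1/items", "/v1/search"}


def build_upstream_url(request_target):
    """Map the app's request onto the upstream URL, or return None to refuse it."""
    parts = urlsplit(request_target)
    if parts.path not in ALLOWED_PATHS:
        return None  # the relay must not become an open proxy
    # Drop any key the client tries to supply, then add the server-held one.
    params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k.lower() != KEY_PARAM]
    params.append((KEY_PARAM, API_KEY))
    return f"{UPSTREAM}{parts.path}?{urlencode(params)}"


class Relay(BaseHTTPRequestHandler):
    def do_GET(self):
        url = build_upstream_url(self.path)
        if url is None:
            self.send_error(404)
            return
        try:
            with urlopen(url, timeout=5) as upstream:
                body = upstream.read()
                ctype = upstream.headers.get("Content-Type", "application/octet-stream")
        except OSError:
            self.send_error(502)  # never echo the upstream URL: it contains the key
            return
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Run behind a TLS-terminating reverse proxy so the app-to-relay leg is encrypted.
    HTTPServer(("127.0.0.1", 8080), Relay).serve_forever()
```

The relay-to-upstream leg is still plain HTTP, so the key remains visible on that network path; what changes is that it no longer ships inside the app or crosses the networks the phone connects to.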