Hi Alexander, Sending API keys to the client probably isn't a good idea in any case, as that gives them carte blanche with the API that the key is for, even setting aside other APIs. You should use a proxy that handles authentication, instead.
-Nick Johnson On Mon, Jun 20, 2011 at 4:47 AM, Alexander Konovalenko <[email protected]>wrote: > When you are using a Google API (such as the Prediction API) from a > server-side app, the Google APIs Console lets you limit API requests > to those originating from known IP addresses or ranges [1, 2]. If you > set a whitelist and an API request comes from a non-whitelisted > address, the request will be rejected. > > This can be really useful if you use some Google APIs from > browser-embedded JavaScript and other Google APIs only from server > side. All APIs share the same API key which can be retrieved by > examining or debugging your JavaScript. A malicious third party could > learn your API key by viewing the source of your site and then use the > key to issue calls to other Google APIs in your name, even if you only > use those other APIs from your server-side app. > > Currently we cannot whitelist App Engine because the IP addresses used > by the app servers, backends and the URL fetch service are not known > in advance. I filed a request to add a button on the Google APIs > console to whitelist App Engine. If you're interested, feel free to > star it or add your comments: > > http://code.google.com/p/googleappengine/issues/detail?id=5219 > > [1] Google APIs Console, Quotas pane > https://code.google.com/apis/console#:quotas > > [2] Google APIs Console Help, section "Whitelisting by IP Address > (Server-side applications)" > https://code.google.com/apis/console-help/#whitelistingbyip > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- Nick Johnson, Developer Programs Engineer, App Engine -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
