|
|
|
|
|
|
by Programmatic
1336 days ago
|
|
|
API keys are most successful when they're issued for server-side use; when used client-side the usual pattern that I see is for individual clients to request their own API key? In this case, it would need to be distributed to myriad users who legitimately need to ask for the lists and then could be scraped by the "attacker", but at least then they'd have to be knowingly malicious vs. accidentally malicious. |
|
|
Then browser makes like this will not reasonable be able to request a new key automatically for every install. So they will just request one and ship it.
Then when you get abuse like this you can disable it.