Y
Hacker News
new
|
ask
|
show
|
jobs
by
amscanne
749 days ago
It’s preventing the theft of the API key. The attack can, at most, replay that specific request (which you could also mitigate with a nonce and expiration).