General API keys question

General API keys question



I looked up the weather API mentioned on the instructions page for this project. I did sign up for a key but, just to be clear, as long as I did not type the key into my files, then it’s safe, right?

I decided to look into this one mentioned by another user in this forum, so the question above is to make sure I’m not missing something by signing up for a key that won’t probably be used.


What do you mean? If there are no calls made with your API key as an identifier, then it doesn’t count against your total, if that helps.


Usually you don’t want to expose your API key in your frontend code as others can copy it and make requests to the API on your behalf (which may cost you money, etc).

One alternative is to store API keys in your environment variables, so in node: process.env.API_KEY

Another would be to make an AJAX call to your back end, get the API key with your server code handle the business logic server side, and then send the result to the front end.

In the context of this small project though - it’s probably OK to expose the code in your javascript. I think I did in mine