I’m trying to wrap my head around using API keys. Let me know if I’ve got this right. An API key is a code that you need to get from an API provider to make the API work. It’s like a password, and as such, it should be stored as an environmental variable on the server where your application lives.
Since JavaScript is on the client-side, exposing API keys there is a security risk. Why? What can a hacker do maliciously with an API key? Is the weather application challenge asking new developers to develop insecure applications? CodePen is full of FCC student projects that have put their API keys directly in their JS. Is that bad, or is it okay just for learning purposes? Is there a way that you can actually use JavaScript securely with API keys?
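One way to keep the key in a server-side environment variable while the page's JavaScript still gets weather data is a small Node.js proxy. This is an added example, not part of the original post. The upstream URL, the `appid` parameter name, and the `WEATHER_API_KEY` variable name are assumptions.

```javascript
// Added example: hypothetical upstream URL and env var name (assumptions).
const UPSTREAM = 'https://api.weather.example/v1/current';
// Only these client-supplied parameters are forwarded, each range-checked.
// Anything else the browser sends (including its own "appid") is dropped.
const ALLOWED = { lat: [-90, 90], lon: [-180, 180] };

// Build the upstream URL on the server. The key comes from the environment,
// never from the browser.
function buildUpstreamUrl(clientQuery, env) {
  const key = env.WEATHER_API_KEY;
  if (!key) throw new Error('WEATHER_API_KEY is not set');
  const url = new URL(UPSTREAM);
  for (const [name, [min, max]] of Object.entries(ALLOWED)) {
    const raw = clientQuery.get(name);
    const value = Number(raw);
    const ok = raw !== null && raw.trim() !== '' && Number.isFinite(value) && value >= min && value <= max;
    if (!ok) throw new RangeError(`invalid ${name}`);
    url.searchParams.set(name, String(value));
  }
  url.searchParams.set('appid', key);
  return url;
}

// Handle one browser request. The returned { status, body } never contains the key.
async function handleWeather(clientQuery, env, fetchImpl = fetch) {
  let url;
  try {
    url = buildUpstreamUrl(clientQuery, env);
  } catch (err) {
    if (err instanceof RangeError) return { status: 400, body: { error: err.message } };
    return { status: 500, body: { error: 'server misconfigured' } };
  }
  try {
    const upstream = await fetchImpl(url);
    if (!upstream.ok) return { status: 502, body: { error: 'upstream error' } };
    return { status: 200, body: await upstream.json() };
  } catch {
    return { status: 502, body: { error: 'upstream error' } }; // never echo the error: it may hold the URL
  }
}

// Expose the handler over HTTP; the page's JavaScript calls this endpoint, not the provider.
async function startServer(port = 3000) {
  const http = await import('node:http');
  return http.createServer(async (req, res) => {
    const { searchParams } = new URL(req.url, 'http://localhost');
    const { status, body } = await handleWeather(searchParams, process.env);
    res.writeHead(status, { 'Content-Type': 'application/json' });
    res.end(JSON.stringify(body));
  }).listen(port);
}
```

The browser code then requests something like `/weather?lat=51.5&lon=-0.12` from this server, so the key never appears in the page source or in the browser's network tab.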