在客户端JavaScript中使用我的Flickr API密钥是否安全?
[英]Is it safe to use my Flickr API key in client-side JavaScript?
问题描述
I want to use the Flickr API method flickr.photos.search in JavaScript, to search for all my photos with a specific tag: 
我想在JavaScript中使用Flickr API方法flickr.photos.search来搜索具有特定标记的所有照片:
http://api.flickr.com/services/rest/?method=flickr.photos.search&api_key={API_KEY}&user_id=50001188%40N00&tags=fazynet&format=rest
(To make it work, change {API_KEY} to a valid Flickr API key.) (要使其正常工作,请将{API_KEY}更改为有效的Flickr API密钥。)
My question is: Is it safe to include that key in client-side JavaScript? 我的问题是: 在客户端JavaScript中包含该密钥是否安全?
I've seen some tutorial sites doing it, but what's to stop someone copying their API key (or mine) and going over the rate limits? 我已经看过一些教程网站正在做这件事,但是什么阻止某人复制他们的API密钥(或我的)并超过速率限制?
Of course, I could set up a very simple proxy running in Node.js that inserts the key (probably even Apache or Nginx could do it), but it's one more thing to set up and monitor. 当然,我可以设置一个在Node.js中运行的非常简单的代理来插入密钥(甚至可能是Apache或Nginx都可以这样做),但是设置和监控还有一件事。
If there's a safe, pure JavaScript solution, I'll take that please. 如果有一个安全,纯粹的JavaScript解决方案,我会接受的。 :) :)
Note, I am currently using this query which requires no authentication: 注意,我目前正在使用此查询,不需要身份验证:
http://api.flickr.com/services/feeds/photos_public.gne?id=50001188@N00&tags=fazynet&format=json
However, the results appear to be no longer reflecting changes (after at least a 24-hour wait). 但是,结果似乎不再反映变化(至少等待24小时后)。
1 个解决方案
解决方案1
1 已采纳 2013-11-04 21:21:51
没有纯JavaScript方法来实现这一点我担心,您将不得不创建一个服务器端脚本来执行API调用并调用该脚本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.