API Key Lockdown

Is there a way of locking down use of the API key to a given domain or IP address. At the moment I believe anyone could grab our API key from the javascript on our pages and use it?

You can send us the list of your domains via Contact Us page and we will make a restriction for your api keys to be used on that domains.

In future we plan to make a possibility for developer to enter them on the dashboard.

3 Likes

That’s what I wanted to hear :slight_smile: thanks!

2 Likes

Looks like this is now included in the dashboard if I’m not mistaken - the “domain white list option” at the bottom of the Edit screen?
However is it possible to have 2 keys? I created a “production key” and added my domain to the whitelist. Then I added a “development key” to use for local development on my pc.
However I can now only see the “production” key so I’m not sure if the original key has been overwritten or just I can’ view it

1 Like

Yes, we have that functionality on the portal.

After checking your account, I can see that you have two keys and everything seems to be OK. I wrote a private message to you with more details.

Regards,
Mateusz

1 Like