The Vision App requires an API Key. The API Key is visible to all collaborators. Google specifies that API Keys should not be exposed in code, as this is a security problem. I attempted to “restrict” the API so that I could at least limit usage to airtable / vision. But I got an error related to OAuth.
Am I misunderstanding something about the potential security implications? Why would this app be designed to keep the API exposed?
Thanks for any advice!
You are correct regarding the security implications. This is how many Airtable apps deal with api keys.
I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.
This topic was solved and automatically closed 3 days after the last reply. New replies are no longer allowed.