Re: Vision App - Exposed Google API Key

Matt_Kennedy1 · ‎Aug 22, 2021

The Vision App requires an API Key. The API Key is visible to all collaborators. Google specifies that API Keys should not be exposed in code, as this is a security problem. I attempted to “restrict” the API so that I could at least limit usage to airtable / vision. But I got an error related to OAuth.

Am I misunderstanding something about the potential security implications? Why would this app be designed to keep the API exposed?

Thanks for any advice!

kuovonne · ‎Aug 23, 2021

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.

See Solution in Thread

kuovonne · ‎Aug 23, 2021

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.