Help

Re: Vision App - Exposed Google API Key

Solved
Jump to Solution
627 0
cancel
Showing results for 
Search instead for 
Did you mean: 
Matt_Kennedy1
7 - App Architect
7 - App Architect

The Vision App requires an API Key. The API Key is visible to all collaborators. Google specifies that API Keys should not be exposed in code, as this is a security problem. I attempted to “restrict” the API so that I could at least limit usage to airtable / vision. But I got an error related to OAuth.

Am I misunderstanding something about the potential security implications? Why would this app be designed to keep the API exposed?

Thanks for any advice!

1 Solution

Accepted Solutions
kuovonne
18 - Pluto
18 - Pluto

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.

See Solution in Thread

1 Reply 1
kuovonne
18 - Pluto
18 - Pluto

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.