Help

Upcoming database upgrades. Airtable functionality will be reduced for ~15 minutes at 06:00 UTC on Feb. 4 / 10:00 pm PT on Feb. 3. Learn more here

Vision App - Exposed Google API Key

Topic Labels: Extensions
Solved
Jump to Solution
343 1
cancel
Showing results for 
Search instead for 
Did you mean: 

The Vision App requires an API Key. The API Key is visible to all collaborators. Google specifies that API Keys should not be exposed in code, as this is a security problem. I attempted to “restrict” the API so that I could at least limit usage to airtable / vision. But I got an error related to OAuth.

Am I misunderstanding something about the potential security implications? Why would this app be designed to keep the API exposed?

Thanks for any advice!

1 Solution

Accepted Solutions

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.

See Solution in Thread

1 Reply 1

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.