Help

Vision App - Exposed Google API Key

Topic Labels: Extensions
Solved
Jump to Solution
917 1
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Matt_Kennedy1
7 - App Architect
7 - App Architect
See Solution in Thread

‎Aug 22, 2021 08:23 PM

The Vision App requires an API Key. The API Key is visible to all collaborators. Google specifies that API Keys should not be exposed in code, as this is a security problem. I attempted to “restrict” the API so that I could at least limit usage to airtable / vision. But I got an error related to OAuth.

Am I misunderstanding something about the potential security implications? Why would this app be designed to keep the API exposed?

Thanks for any advice!

0 Kudos
Reply
1 Solution

Accepted Solutions
kuovonne
18 - Pluto
18 - Pluto
Solved See Solution in Thread

‎Aug 23, 2021 04:28 AM

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.

See Solution in Thread

0 Kudos
Reply
1 Reply 1
kuovonne
18 - Pluto
18 - Pluto
Solved See Solution in Thread

‎Aug 23, 2021 04:28 AM

You are correct regarding the security implications. This is how many Airtable apps deal with api keys.

I believe that Airtable does this because they do not want to give people a false sense of security. They purposely create this weak link in the chain because there is another weak link in the chain that isn’t as obvious. I am not agreeing with this decision, only stating why I think it was made.

0 Kudos
Reply
Copyright © 2024 Khoros, LLC