Question
I'm about to use the here.com API. I generated an api_id/api_code for a new App. These two values must be appended to each request to the API and are, if used in a Web App, visible to everyone.
id+code are not bound to a URL like Google API keys, so I don't see any method to prevent anybody from taking my id+code and using it for, let's say, scraping tiles. As the API costs money, I wonder how I can prevent that?
http://developer.here.com/faqs says nothing about protection of keys and here.com doesn't really seem to want to talk to developers, so I hope this metaish question doesn't get downvoted...
Answer 1:
Within your HERE Developer Dashboard, when you navigate to a project and view your JavaScript / REST tokens, there is a checkbox that says "Secure app credentials against a specific domain".
https://developer.here.com/projects
By locking the tokens to a particular domain or set of domains, they will be protected from malicious users. If someone steals your tokens, they won't be able to use them because the requests need to come from your domain.
Hopefully that helps.
Best,
Source: https://stackoverflow.com/questions/29919116/how-to-prevent-here-com-api-id-hijacking