I tried searching for this subject because I was sure someone must have asked but I couldn’t find anything relevant. If I missed something, please point me in the right direction.
Otherwise, is there any way to keep my key secure using JavaScript/AJAX? It seems that no matter what I do it will show up in the developer console. Unlikely or not, a stolen key could get very expensive.
Thanks in advance,
Bruce
We do not recommend that FlightXML2 be use directly within publicly accessible Javascript pages for this reason. Typically you would want to use a backend application on your server that is acting as a front-end for your public webpages.
The FlightXML2 jQuery example mentions this limitation (“We recommend that this technique be only used in protected Intranet environment, since embedding your FlightXML API key in public web pages will allow other users to copy your key and make unauthorized use against your account.”)
It looks like I may be able to store the key and send it to the API server without exposing it, using PHP. That’s what I’m going to try anyway.