Clarifai / clarifai-javascript

Official Clarifai JavaScript client for browsers and node.js
https://docs.clarifai.com

Protecting my keys #15

Closed richthedev closed 7 years ago

richthedev commented 7 years ago

Hi, I have just started using the Clarifai API and it works great.

One thing I was wondering though is how to protect my application key/secret from being stolen / used by anyone who uses the app? It seems I cannot regenerate those and putting them in the JavaScript source does not feel right to me.

Any thoughts?

maxcell commented 7 years ago

Howdy @richthedev, this last month we have moved our authorization process to using API Keys. You can generate new scopes for particular actions that you/your application may need. You can read more about it in this blog post and in the Authorization section in our Developer Guide. You also have the ability to revoke the particular key if something goes wrong.

I definitely appreciate your, and many others', attention to this fact. We hope to continue to give you the power to make amazing applications 😄. I'd also suggest not putting your application key/secret inside of your JavaScript source as that would be the number 1 way your application would be compromised. We typically recommend having them in environment variables or an uncommitted file that has your keys (assuming you make your source publicly available). There are a few ways that it can be done and this is a true problem that many different APIs face.
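The advice in the reply above, as an added example that is not part of the original thread or of the Clarifai client: server-side proxy logic for Node.js that reads the key from an environment variable, forwards only allowlisted routes, and never returns the key to the browser. The variable name `CLARIFAI_API_KEY`, the upstream URL, the `/predict` route and the `Key <value>` header format are assumptions made for illustration.

```javascript
// Added example: keep the API key on the server, out of browser JavaScript.
// Assumed for illustration (not from the thread): env var name, upstream URL,
// the allowlisted route, and the "Key <value>" Authorization header format.
const UPSTREAM = 'https://api.example.invalid';  // placeholder upstream base URL
const ALLOWED = new Set(['POST /predict']);      // hypothetical route allowlist

// Read the key from the environment and fail closed when it is missing.
function loadApiKey(env) {
  const key = (env.CLARIFAI_API_KEY || '').trim();
  if (!key) throw new Error('CLARIFAI_API_KEY is not set; refusing to start');
  return key;
}

// Build the upstream request. Only allowlisted routes are forwarded, and
// headers supplied by the browser are never copied, so a client cannot
// choose the credential or reach routes the key's scope was not meant for.
function buildUpstreamRequest(clientReq, apiKey) {
  const route = `${clientReq.method} ${clientReq.path}`;
  if (!ALLOWED.has(route)) return null;
  return {
    url: UPSTREAM + clientReq.path,
    options: {
      method: clientReq.method,
      headers: { 'Content-Type': 'application/json', Authorization: `Key ${apiKey}` },
      body: clientReq.body,
    },
  };
}

// Strip the key from any text sent back to the client, in case an upstream
// error message reflects it.
function redact(text, apiKey) {
  return text.split(apiKey).join('[REDACTED]');
}

// Framework-agnostic handler: call it from an Express or http route with
// { method, path, body } taken from the browser's request.
async function handle(clientReq, env, fetchImpl = fetch) {
  const apiKey = loadApiKey(env);
  const upstream = buildUpstreamRequest(clientReq, apiKey);
  if (!upstream) return { status: 403, body: 'route not allowed' };
  const res = await fetchImpl(upstream.url, upstream.options);
  return { status: res.status, body: redact(await res.text(), apiKey) };
}
```

The browser calls this proxy instead of the API, so the only secret in client code is none at all; rate limiting and user authentication on the proxy route are still needed and are outside this sketch.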