Pabreetzio
commented
9 years ago I looked into it a little bit more and we might be able to close this one. Turns out that once we have a place to deploy to we can set the settings for the api key to only allow requests from the site we deploy to. The API Key becomes viewable to anyone visiting the page anyway if they inspect the javascript.
MissAutumnForest
tannerhodges
Eventually, we'll need to remove our production API keys from the repo. @Pabreetzio, you wanna look into this?
@staticinteger: Go ahead and commit the keys for our prototype. We'll just generate new ones as needed.