upvote

points

by voidUpdate16 hours ago |
comments
upvoteby michaelt14 hours ago|
next
[-]
Keys could have certain restrictions [1] such as HTTP Referer, which meant you couldn't just embed a map on your website and charge a different website for the views.

Not perfect protection of course - an attacker could spam requests with all the right headers if they wanted to - but it removes one of the big motivations for copying someone else's API key.

[1] https://docs.cloud.google.com/api-keys/docs/add-restrictions...

reply
upvoteby voidUpdate14 hours ago|
parent|
[-]
I was thinking more maliciously targeting the developer and running up a huge bill than reusing their key for your use
reply
upvoteby chinathrow15 hours ago|
prev|
[-]
I guess this was an issue all along - but the cost per request is most def way higher for LLM API calls than for e.g. a Maps API call.
reply
upvoteby joking15 hours ago|
parent|
[-]
with llms maybe you can reuse their api for your own benefit instead of just showing some maps, so the issue is even worse that only cost.
reply