Protecting your API Key

Overview

To use this service you need an API Key (you will have one once you open a new account). This is the secret key that is used to send requests to our server.
As mentioned above, it's a SECRET KEY, so you must not share it with others. Anyone who has this key will be able to send requests to the GeoIP API on your behalf, so your remaining requests will be stolen.
In some cases you may need to expose this key to the public, where anyone can obtain and use it. For this case, we provide a way to make your API Key unusable by others.
Let's dive into this.

Whitelisting your domains/hosts

With this approach you tell us to allow a request only if it comes from your list of domains/hosts. Otherwise, we return an error and the request is not allowed to use the API Key, so nothing is deducted from your remaining requests.
To do that, complete the following steps:
  1. Go to your dashboard page.
  2. From the header navigation bar, choose 'My Products'.
  3. Here you will see 3 sections. Click on 'API Service'.
  4. Now you're on the page where you can see all details about your current plan and API settings. Click the 'Edit' button at the right side of the 'Whitelisted domains' section, as shown below.
[Screenshot: GRE GeoIP Dashboard, updating whitelisted domains/hosts]
After clicking the 'Edit' button shown in the screenshot above, you'll be taken to another page that contains a textbox. Type your domains separated by commas, then save the changes.
You can enter domain names and/or IP addresses of your server.
For example, say you want to send requests to the API from your client interface using our JS Package and, at the same time, you're using our PHP Library to send requests from the server side. Then you have to whitelist your domain name (where your client interface is hosted) and your server IP address (where you use the PHP Library), separated by a comma, e.g. `client.com,123.45.67.89`

Important Notes:

  1. The maximum length of the text you type in this area is 700 characters.
  2. Don't use spaces, tabs or newlines within the text.
  3. If you use subdomains, you have to list them all, separated by commas.
  4. Only IPv4 addresses can be listed here.
  5. If you use CloudFlare or any other service that uses a proxy approach and you want to whitelist your server IP address, whitelist the real server IP (because this is where you'll send the requests from).
  6. If you leave the whitelisted domains field empty, you're telling us that you want to allow all domains and hosts to use the API Key.
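
The Important Notes above can be checked before you paste a list into the textbox. The following is an added example, not code from the GeoIP service or its packages; `checkWhitelist` is a hypothetical helper, and its hostname pattern and its rejection of empty entries are assumptions, since the page does not define either.

```javascript
// Added example: pre-submit check for the 'Whitelisted domains' field.
// Limits come from the Important Notes; HOSTNAME is an assumed pattern.
const MAX_LENGTH = 700;
const OCTET = '(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4 = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);
const HOSTNAME = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

function checkWhitelist(text) {
  const errors = [];
  const warnings = [];
  if (text === '') {
    // Note 6: an empty field allows every domain and host to use the key.
    warnings.push('empty list: all domains and hosts may use the API key');
    return { ok: true, errors, warnings, entries: [] };
  }
  if (text.length > MAX_LENGTH) {
    errors.push(`length ${text.length} exceeds ${MAX_LENGTH} characters`);
  }
  if (/\s/.test(text)) errors.push('contains spaces, tabs or newlines');

  // Trim so a stray space is reported once, not again per entry.
  const entries = text.split(',').map((e) => e.trim().toLowerCase());
  const seen = new Set();
  for (const entry of entries) {
    if (entry === '') {
      // Assumption: a doubled or trailing comma is a mistake.
      errors.push('empty entry (doubled or trailing comma)');
    } else if ((entry.match(/:/g) || []).length >= 2) {
      errors.push(`${entry}: IPv6 is not accepted, only IPv4`);
    } else if (/^[\d.]+$/.test(entry) && !IPV4.test(entry)) {
      errors.push(`${entry}: not a valid IPv4 address`);
    } else if (!IPV4.test(entry) && !HOSTNAME.test(entry)) {
      errors.push(`${entry}: not a bare hostname or IPv4 address`);
    } else if (seen.has(entry)) {
      warnings.push(`${entry}: duplicate entry`);
    }
    seen.add(entry);
  }
  return { ok: errors.length === 0, errors, warnings, entries };
}

// Constructed sample input, taken from the example on this page.
console.log(checkWhitelist('client.com,123.45.67.89'));
```

An entry such as `https://client.com` or `*.client.com` is reported as not being a bare hostname, which matches the note that each subdomain has to be listed.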