Protecting your API Key
Overview
To use this service you need an API Key (you will have one once you open a new account). This is the secret key used to send requests to our API.
As mentioned above, it’s a SECRET KEY, so you must not share it with others.
In some cases you may need to expose this key publicly, where anyone can obtain and use it. In such cases, you have to limit the usage of this API Key to your authorized hosts (domain names and/or IP Addresses). So, let’s dive into this:
Whitelisting your hosts
The purpose of this approach is to determine whether a request originates from a specific list of domains or IP Addresses. If the request comes from one of these domains or hosts, it is allowed. Otherwise, an error is returned, preventing the usage of the API Key. With this method in place, your remaining requests stay unaffected and are not deducted.
To do that, complete the following steps:
First Step
Go to the settings page of the account dashboard
Second Step
Under the ‘Security settings’ section, click on the ‘Manage’ button on the right side of the ‘Authorised hosts’ setting
Greip Dashboard, updating the authorised hosts
You can enter domain names and/or IP Addresses in this field.
For example: let’s say you want to send requests to the API from the client side using our JS Package and, at the same time, you’re using our PHP Library to send requests from the server side. Then you have to add your domain name (where your client side is hosted) and your server IP Address (where you use the PHP Library).
E.g:
+ domain.com
+ 123.45.67.89
Important Notes
- If you use subdomains, then you have to list them all.
- Only IPv4 addresses can be listed here.
- If you use CloudFlare or any other service that uses a proxy approach and you want to whitelist your server IP Address, then just add the real server IP Address to the ‘Authorised Hosts’.
- If you leave the authorised hosts field empty, then you’re telling us that you want to allow all domains and IP addresses to use the API Key.
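A planned list can be checked against these notes before it is saved. The JavaScript below is an added example, not Greip's code: it assumes matching is an exact, case-insensitive comparison (the page does not describe how the service identifies the calling host), and `classifyEntry`, `isAuthorised` and `reviewAllowlist` are hypothetical names.

```javascript
// Added example: a local model of the 'Authorised hosts' rules on this page.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;
// Hostname shape: dot-separated labels of letters, digits and hyphens.
const HOSTNAME = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$/;

// Classify one entry as ipv4, domain or invalid (with a reason).
function classifyEntry(raw) {
  const value = String(raw).trim().toLowerCase();
  if (IPV4.test(value)) return { kind: 'ipv4', value };
  if (value.includes(':') && /^[0-9a-f:.]+$/.test(value)) {
    return { kind: 'invalid', value, reason: 'only IPv4 can be listed' };
  }
  if (/^[\d.]+$/.test(value)) {
    return { kind: 'invalid', value, reason: 'malformed IPv4 address' };
  }
  if (HOSTNAME.test(value)) return { kind: 'domain', value };
  return { kind: 'invalid', value, reason: 'not a domain name or IPv4 address' };
}

// Assumed matching model: exact comparison, so a listed domain does not
// cover its subdomains (the page says every subdomain must be listed).
function isAuthorised(entries, caller) {
  if (entries.length === 0) return true; // empty field allows every host
  const wanted = String(caller).trim().toLowerCase();
  return entries
    .map(classifyEntry)
    .some((e) => e.kind !== 'invalid' && e.value === wanted);
}

// Pre-flight review of a planned list against the hosts that will call the API.
function reviewAllowlist(entries, callers) {
  return {
    openToAll: entries.length === 0,
    invalid: entries.map(classifyEntry).filter((e) => e.kind === 'invalid'),
    uncovered: callers.filter((c) => !isAuthorised(entries, c)),
  };
}

// Constructed sample: the page's two example entries plus one IPv6 entry,
// checked against a site that also calls the API from a subdomain.
const sampleEntries = ['domain.com', '123.45.67.89', '2001:db8::1'];
const sampleCallers = ['domain.com', 'app.domain.com', '123.45.67.89'];
console.log(JSON.stringify(reviewAllowlist(sampleEntries, sampleCallers), null, 2));
```

An `openToAll` result of `true` means the field is empty and the key is usable from any host, which is the case to avoid when the key is exposed publicly.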