Is it unsafe to expose the api Oauth key in a client-side ajax call?
It seems that an unscrupulous user could see this key and wreak havoc
on your app/blog.
Here is an example,
$.ajax({
type: "GET",
url: "
http://api.tumblr.com/v2/blog/brentisyourfriend.tumblr.com/
info",
dataType: "jsonp",
data: {
//is it unsafe to expose the #api_key in a client-side ajax
call?
api_key: "#api_key",
jsonp: "blogInfo"
},
jsonpCallback: 'blogInfo',
success: function(data, status, jqXHR) {
$("#info").html("<h1>" + data.response.blog.title + "</h1>" +
"<ul><li>Number of Posts: " + data.response.blog.posts +
"</li>" +
"<li>Blog Name: " +
data.response.blog.name + "</li>" +
"<li>Description: " + data.response.blog.description + "</
li>" +
"<li>Url: " + data.response.blog.url + "</li></ul>");
},
error: function(jqXHR, status, error) {
alert(status);
}
});