topic Re: Are there any protections for hosting the client side API key on github? in ArcGIS JavaScript Maps SDK Questions https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/are-there-any-protections-for-hosting-the-client/m-p/1105885#M74912 <P>It's a good question&nbsp;<a href="https://community.esri.com/t5/user/viewprofilepage/user-id/513220">@gggg</a>. Here is our official documentation on the subject:</P><P><A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/security/security-best-practices/#api-key-security" target="_blank">https://developers.arcgis.com/documentation/mapping-apis-and-services/security/security-best-practices/#api-key-security</A></P><P>In short, it's a good idea to limit your API key to consume only the services you require, and use the allowed referrer to limit usage to your app's URL. Also, you should monitor the API key's usage, and delete it when you're done, and/or rotate your API key as needed.</P> Fri, 08 Oct 2021 13:47:52 GMT Noah-Sager 2021-10-08T13:47:52Z Are there any protections for hosting the client side API key on github? https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/are-there-any-protections-for-hosting-the-client/m-p/1105404#M74899 <P>I need to host my client side API key on github pages to share my project. except the API key will be publicly shown in the source code since it is a client side API key. Does ESRI have any protections for this case?</P> Thu, 07 Oct 2021 01:01:54 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/are-there-any-protections-for-hosting-the-client/m-p/1105404#M74899 gggg 2021-10-07T01:01:54Z Re: Are there any protections for hosting the client side API key on github? https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/are-there-any-protections-for-hosting-the-client/m-p/1105885#M74912 <P>It's a good question&nbsp;<a href="https://community.esri.com/t5/user/viewprofilepage/user-id/513220">@gggg</a>. Here is our official documentation on the subject:</P><P><A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/security/security-best-practices/#api-key-security" target="_blank">https://developers.arcgis.com/documentation/mapping-apis-and-services/security/security-best-practices/#api-key-security</A></P><P>In short, it's a good idea to limit your API key to consume only the services you require, and use the allowed referrer to limit usage to your app's URL. Also, you should monitor the API key's usage, and delete it when you're done, and/or rotate your API key as needed.</P> Fri, 08 Oct 2021 13:47:52 GMT https://community.esri.com/t5/arcgis-javascript-maps-sdk-questions/are-there-any-protections-for-hosting-the-client/m-p/1105885#M74912 Noah-Sager 2021-10-08T13:47:52Z