#community-help

Limiting API Key Access by Domain

TLDR Loic wanted to limit API key access to a specific domain. Jason clarified this limitation, discussing how Google achieves it via their VPN-like service.

Powered by Struct AI
Jan 28, 2023 (10 months ago)
Loic
Photo of md5-3a88a602e4aba6a18b4a6c6985fcf08c
Loic
05:25 PM
Hey Jason , how are you ?
It would be nice to be able to limit the API key from a specific web domain only
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
05:27 PM
This would be impossible to do since, the only mechanism available to do this is via HTTP headers set by the browser, but that can be trivially changed by users if they use curl or some browser extensions
Loic
Photo of md5-3a88a602e4aba6a18b4a6c6985fcf08c
Loic
05:29 PM
In Google Cloud Patform you have this domain selection option for the APIs. I don’t know how they do it :thinking_face:
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
05:34 PM
Could you link me to the docs for it?
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
06:02 PM
This seems to talk about Google’s VPN-like service and restricting access to only certain domains via that service…