API Key possibly compromised.

  • Question
  • Updated 1 year ago
Today my WU access count went from a daily average of 4 or 5 to over 600. It would seem someone has discovered my API key. If I generate a new API key, do I lose the raindrops I have earned?

Tomorrow I will find out whether this was a one-time event or whether I will have to change keys. Of course, since I know of no way to hide the key in my source code, the same person or bot may steal the new key.

Thanks.
frankpc

  • 25 Posts
  • 0 Reply Likes
  • very concerned

Posted 4 years ago

Brendan Hayes, Official Rep

  • 962 Posts
  • 122 Reply Likes
Email our support and we can handle it internally: http://help.wunderground.com/
frankpc

  • 25 Posts
  • 0 Reply Likes
Thank you Brendan.

The account is working fine now. Rather than have you do extra work, I'll just leave it as it is for now.

It makes no sense to me why so many hits would spike like they did. Even if someone obtained my key, why would they abuse it in that manner?

Thanks!
Brendan Hayes, Official Rep

  • 962 Posts
  • 122 Reply Likes
I'm not sure why it might suffer abuse either. I'm sorry you ran into that problem. I'm glad it has been resolved on its own though!
cyrusak

  • 2 Posts
  • 0 Reply Likes
How can you protect your key from unauthorized application? Don't you guys protect it by restricting to a domain?

JJ Krawczyk

  • 1 Post
  • 0 Reply Likes
Bumping this. I just started looking into the API and my first question was "what keeps someone from harvesting my key from a URL on my web site?" Seems too easy to do.

FWIW I have the same question about the newest version of Google Maps.
Karlo

  • 3 Posts
  • 0 Reply Likes
I wanna know too how we can restrict the key to certain domains. Like for us, we have dev, testing and production domains.

Brendan Hayes, Official Rep

  • 962 Posts
  • 122 Reply Likes
If you use PHP you can hide the key in the code, or you could also use a proxy server between your code and the API to hide the API key.

Karlo

  • 3 Posts
  • 0 Reply Likes
Thanks for the reply. I'm doing the call using a JavaScript ajax to get the radar gifs and jsons. Do you know what's the best way to hide the key?
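
The proxy approach suggested in the thread, sketched for a JavaScript front end as an added example that is not part of the original posts or the provider's code: the browser calls `/weather/...` on your own server, which holds the key in an environment variable and forwards only allow-listed requests. The upstream host, URL layout, route names, origins and limits are assumptions to replace with your own values.

```javascript
// Added example: server-side proxy that keeps the API key out of page source.
// UPSTREAM is a placeholder host; the /<key>/<feature>/q/<query>.json layout is assumed.
const UPSTREAM = process.env.UPSTREAM_BASE || "https://api.example.invalid/api";
const API_KEY = process.env.WEATHER_API_KEY || "";   // never sent to the browser
const ALLOWED_ORIGINS = new Set(["https://dev.example.test", "https://www.example.test"]);
const ALLOWED_FEATURES = new Set(["conditions", "forecast"]);
const LIMIT = 30, WINDOW_MS = 60_000;                // requests per client per minute
const hits = new Map();

// Map /weather/<feature>/<query> to an upstream URL, or null if not allow-listed.
function buildUpstreamUrl(path, key) {
  const m = /^\/weather\/([a-z]+)\/([A-Za-z0-9_,.\/-]{1,64})$/.exec(path);
  if (!m || !ALLOWED_FEATURES.has(m[1]) || m[2].includes("..")) return null;
  return `${UPSTREAM}/${encodeURIComponent(key)}/${m[1]}/q/${m[2]}.json`;
}

// Sliding-window limit per client address; this is what caps a usage spike.
function allowRequest(client, now = Date.now()) {
  const recent = (hits.get(client) || []).filter((t) => now - t < WINDOW_MS);
  const ok = recent.length < LIMIT;
  if (ok) recent.push(now);
  hits.set(client, recent);
  return ok;
}

// Origin is only enforced by browsers, so it is a filter, not authentication.
function originAllowed(origin) {
  return origin === undefined || ALLOWED_ORIGINS.has(origin);
}

async function startProxy(port) {
  const http = await import("node:http");
  return http.createServer(async (req, res) => {
    const target = buildUpstreamUrl(req.url.split("?")[0], API_KEY);
    if (req.method !== "GET" || !target || !originAllowed(req.headers.origin)) {
      res.writeHead(403).end(); return;
    }
    if (!allowRequest(req.socket.remoteAddress)) { res.writeHead(429).end(); return; }
    try {
      const upstream = await fetch(target);          // global fetch, Node 18+
      res.writeHead(upstream.status, { "content-type": upstream.headers.get("content-type") || "application/json" });
      res.end(Buffer.from(await upstream.arrayBuffer()));
    } catch {
      res.writeHead(502).end();  // do not echo the error; it may contain the keyed URL
    }
  }).listen(port);
}

if (process.env.PROXY_PORT) startProxy(Number(process.env.PROXY_PORT));
```

Because a non-browser client can send any `Origin` header, the allow-list of features and the rate limit are the controls that bound how much quota a scraper can burn through the proxy.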