Public exposure of API Key
Closed this issue · 2 comments
pexels-sketchplugin/src/pexels.js
Line 6 in de3770e
I too develop sketch plugins, is there any way I can help or contribute to this repo...?
Hi there, thanks for reporting this!
We agree that it can be a bit shocking to see an API key exposed like this, but in this case it isn't really a security concern. Our API is free to use and publicly accessible, and keys can be easily requested by any registered user. (https://www.pexels.com/api/).
We use the API keys primarily for rate-limiting. Given that it's pretty easy for anyone to acquire a key we're not too concerned that it might be scraped off github at this point.
If you have any proposals to improve this plugin, please create a new issue detailing what you'd like to help with. If it lines-up with what we'd like to see as well, we'd be happy to accept a pull request. 😄