zerobounce/zerobounce-javascript-api-v2

Security issue?


What is the purpose of this library? This is clearly intended for use in browsers since it relies on XMLHttpRequest, which is only available in browsers.

The whole authentication on the API, however, relies on a private key that you should never share with anybody.
I'm finding it hard to find any real-world use cases for this example code.

A developer trying to quickly integrate the service looks into the official documentation and then sees that JavaScript links directly to this official repository. It is not a far-fetched idea to think that people would just think that you are meant to use something like this and start using it, even though you must implement the functionality on the server-side, not the client-side.

It would make sense to either just delete this repository completely or add a warning/information on API key safety and make sure people understand that they can't implement this on the client-side at all.
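The server-side pattern the issue asks for, as an added example (not part of the original issue and not code from the ZeroBounce repository): the browser calls your own endpoint, and only the server attaches the key. The upstream URL, the `api_key`/`email` parameter names, the `address`/`status` response fields and all function names here are assumptions for illustration.

```javascript
// Added example: server-side logic only. The API key never reaches the browser.
// ASSUMPTION: upstream endpoint and its parameter names; check the vendor docs.
const UPSTREAM = "https://api.zerobounce.net/v2/validate";

// Loose shape check so obviously bad input never reaches the paid upstream call.
const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]{1,255}$/;

// Build the upstream URL from the browser's query. Returns null on bad input.
// Only `email` is read from the client; a client-supplied `api_key` is ignored.
function buildUpstreamUrl(clientQuery, apiKey) {
  if (typeof apiKey !== "string" || apiKey === "") {
    throw new Error("server misconfigured: API key missing");
  }
  const email = clientQuery.email;
  if (typeof email !== "string" || !EMAIL_RE.test(email)) return null;
  const url = new URL(UPSTREAM);
  // searchParams.set() percent-encodes, so "&api_key=..." inside the
  // email value cannot smuggle a second parameter into the request.
  url.searchParams.set("api_key", apiKey);
  url.searchParams.set("email", email);
  return url.toString();
}

// Allowlist what goes back to the browser so nothing account-related that
// the upstream might include is relayed to the client.
function toClientResponse(upstream) {
  return {
    address: String(upstream.address ?? ""),
    status: String(upstream.status ?? "unknown"),
  };
}

// Framework-neutral handler: wire it to any HTTP server route.
// `apiKey` comes from server-side configuration (for example an
// environment variable), never from the request.
async function handleValidate(clientQuery, apiKey, fetchImpl = fetch) {
  const url = buildUpstreamUrl(clientQuery, apiKey);
  if (url === null) return { code: 400, body: { error: "invalid email" } };
  const res = await fetchImpl(url);
  if (!res.ok) return { code: 502, body: { error: "upstream error" } };
  return { code: 200, body: toClientResponse(await res.json()) };
}
```

In production the route should also be rate-limited and restricted to your own users, since an open proxy still lets anyone spend your validation credits.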