I have a system where user can add content to his profile, such as any youtube videos, I validate the video url and then I call the API to get video details such as title, description and details. nothing else, no update\edit operations.
For now I'm using the public API key to authorize the requests, also I put my system domain as a whitelist
$http.get('http://ift.tt/KK2PBS' + videoId + '&key={{my_key}}' + '&part=snippet')
Regarding security issues, do I need to use OAuth 2.0 to issue a token used to authenticate the requests? If someone tracked request and capture the key, will I need to prevent this via OAuth, or there's a way from the Google Developer Console to only make it read operations only.
Thanks.
Aucun commentaire:
Enregistrer un commentaire