Yes. It's security through obfuscation really, worth doing but not the ultimate solution. Ideally you own your endpoint and can hide any public keys serverside (in .env files) and route your traffic through that.
My name is Pascal Lamers, I am 30 years old and I am from Austria - and still live in Austria. Approx. 4 years ago I started to activley learn code and it was one of the best decisions of my life !
That's true yes . But env variables can also be used for other , non-secret , things . I often use it for a development/production workflow when in development i use other endpoints than in production.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Doesn't it still hold true that if your app is a client side that your API key will still be exposed, or am I missing something?
Yes. It's security through obfuscation really, worth doing but not the ultimate solution. Ideally you own your endpoint and can hide any public keys serverside (in .env files) and route your traffic through that.
That's true yes . But env variables can also be used for other , non-secret , things . I often use it for a development/production workflow when in development i use other endpoints than in production.