What Happens if I Make my API Key public?
I’m in the process of creating a screencast that explains how to use WordPress.com features. While I’m doing this, my API key will definitely appear on-screen, making it public to anyone who sees the screenscast. Should I be worried? What should I do?
Every user of WordPress.com gets a unique API key they can use to access a number of services. This key should be kept as secret as your password — don’t share it with anybody.
I hope this is helpful for you
No, I’m afraid it doesn’t help at all. I’m already aware of the FAQs regarding the API key. I did go through the help documents before I posted my question.
I have no choice but to make it public. My questions remain. Should I be worried? What should I do?
Don’t make it public. Cover it up in the photo.
Best thing I can say is contact staff by clicking
the support button in your dashboard
Ellaella, it’s not a screenshot. It’s a screencast. In other words, a movie. It can’t be covered up.
GameHQ, I have a question into suport now. Thanks for your help.
“I have no choice but to make it public.”
Yes you do.
It will be blocked is your answer.
What does that mean? “It will be blocked?”
And I really can’t see HOW I can keep it private if I’m creating a screencast that includes the administration panel where it’s displayed. If you know how to hide it, please tell me or point me to the help document that does.
Make it up?
Blocked = it will be rendered useless.
You could explain everything on your screencast and just not go, while you are “filming”, in the area where the key shows. I doubt it appears on every single page of the dashboard. I myself would not be entirely sure where to go exactly to find it ( of course I would definitely find it but I mean, I dont check it that often). Im sure if you explain during the screencast that you cant go in there because your key would show and you would have akismet disabled in your blog because of that, people would understand. Im sure you are doing this screencast to help others, but theres only so much you can do to help people. Putting your own blog in danger might not be an option and people should understand this. My two cents.
I don’t know what you mean by “Make it up?” Are you saying I should make something up? The API Key? If so, you don’t understand the problem and my question.
I’m creating a screenCAST. That’s not a screenSHOT. It’s a movie of what’s on the screen. It’s recorded at about 30 frames per second. In order to mask the API key, I’d have to modify HUNDREDS of individual images. I don’t even know if that’s possible with the image editing tools I have.
If the key is “blocked,” will the WordPress.com blog still function? Back to my original question: WHAT HAPPENS?
“Blocked” and “rendered useless” is meaningless to me since it’s not very clear exactly what the key does for a WordPress.com account. (I understand what it does for a WordPress server installation with Aksimet or various stats plugins installed.)
Should I be addressing these questions to someone else? I used the Support link and sent my question but never got a response.
Thanks for your help.
I’m the one who would respond.
If you use a key in this, you tell me before you use it.
I then block it.
You then tell people during your screencast that the key they see is totally useless.
I cannot see any problem at all with that.
sunnisme, the API key appears on your profile page, right at the top. It would only affect 2 or 3 of my screencast movies. I will definitely explain that the key won’t work for anyone else. But these days, who listens?
Thanks for your two cents!
Mark, that’s PART of what I needed to know. I have no problem informing you. I guess I’d do that here.
But will the blog continue to function with a blocked key? I need to know so I know if I can refer people to the live version for reference.
I would suggest creating another user – you don’t need a blog – and using that key.
Thanks for all this information and help. With luck, the video editor will be able to mask the whole thing out. Got my fingers crossed.
I’m sorry if this is not understanding, but could you not put a simple post-it note over the crucial area? I don’t understand what you want to do, but the code does not show up very often. At least not for things usually I do…
The topic ‘What Happens if I Make my API Key public?’ is closed to new replies.