The launch of our new product, DOTS Global Address Complete, has brought along with it a nifty new license key. This new custom key has the necessary security features to allow it to be placed on client-side code. This enables simple JavaScript integrations and helps reduce the amount of developer time required to get your data validation up and running.
What is a Custom API Key?
It is a 32 character license key that can be locked to a specific domain.
Example: 0A013E5BEDF14F1AB6B7EAE1C2AC9608
What is a domain?
A domain name is a unique string that defines a realm of administrative autonomy, authority, or control within the Internet. For instance, the ‘serviceobjects.com’ domain and anything originating or directed to that domain is managed by our company.
Example Domains: serviceobjects.com, google.com, yahoo.com
Why are Custom API Keys important?
Normally, API keys should remain private and hidden from the public. Anyone with a traditional API key can use the web service, and this is a gaping vulnerability if the key is used in client-side code. The ease of use of a traditional API key may be beneficial but, in some cases, it limits the pathways for integration. Developers must consider where their code will reside and how they will keep the keys to the kingdom safe. LEARN MORE>>
Front end vs. back end code
Front end
This type of integration relies on code that is visible to the public. JavaScript is generally the language of choice and, without the use of a custom key, transactions could be incurred by malicious actors.
With front end code anyone can “View page source” and see how the web service is being called along with your license key. Without some way to control who can use the license key, this approach is vulnerable to license key theft.
Back end
The code that performs the data validation resides behind the scenes and is completely hidden from the end-user. This method of integration allows you to hide the entirety of the data validation code and helps prevent unwanted use of your license key. No code is visible and therefore the license keys we issue are safe from prying eyes.
There are specific use cases where a front end integration is useful. For example, our Global Address Complete web service leverages JavaScript to help with address autocomplete. To keep your license key safe, we can provide a custom key that is locked to a domain within your control. This allows you to have your custom key visible to the public because the web service will only accept requests that originate from within your domain.
