Is there a risk in sharing publicly consumer_key?

[k-aymen]

Hi, I use the consumer_key to get photos from 500px. I will share my source code and I am wondering if sharing publicly the consumer_key can be risky for my app?

Thanks

[regata]

in general, you should not do that because it will allow anyone to call some of our APIs (like popular stream) on behalf of your app and potentially violate our TOS. This may result in termination of your account.

[tarmo888]

But how is then the Javascript API sdk_key any safer? https://github.com/500px/500px-js-sdk It seems to work when I make a jQuery call without using the SDK itself. There doesn't seem to be any domain lock either like Google API has.

Or when I want to use 500px with javascript, I shouldn't use it without the Javascript SDK at all?

In order to regenerate those keys, do I have to register a new app?

[regata]

@tarmo888, JS SDK key was introduced to let you call the API from the browser without revealing the consumer key/secret. You can regenerate the JS SDK Key (no public UI, you need to email us for that). If you need to update consumer key/secret, you have to register a new app.

We are in the process of moving to OAuth2 and will be depreciating JS SDK Key.