captionninja icon indicating copy to clipboard operation
captionninja copied to clipboard
verified publisher icon steveseguin

API key exposure

Open drcsk opened this issue 4 months ago • 1 comments

Many thanks for your hard work. This is one of the most simple and best implementations of live translation captioning. However, I have one query.

Is there any way to make sure your api key isn't exposed? It does not seem secure to allow the user to see the api key in the url.

Many thanks

drcsk avatar Aug 23 '25 21:08 drcsk

I can address this. Typically, since caption.ninja is used within an internal production workflow, the API being exposed isn't an issue.

If you are sharing the caption.ninja links with public users, you expose yourself not only to sharing the API key, but users could publish their own chat translations into the caption.ninja stream, which may be problematic if you don't trust those you share the link with.

I do have a way of addressing that, with what I call an audience-link, however I'll need to find a few hours to update caption.ninja to support this function. Thank you for your interest in security and caption ninja

steveseguin avatar Aug 23 '25 21:08 steveseguin