I’m a developer at heart, and make mobile and web apps for start-ups and businesses. I'm passionate about tech, problem solving and making things that people love. Check my blog at https://casraf.dev
You're right, though some services have in mind that they will be used on the client side, so they provide "exposable" client keys that are meant to be okay with staying out in the open. That's usually the case for client-side libraries such as Google Maps, mixpanel, etc.
And then there's the rest of the libraries - that are meant to handle server requests. These usually have much higher permissions and require truly secret API keys, in which case as you said it should stay in the server without being exposed to the users in any way.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You're right, though some services have in mind that they will be used on the client side, so they provide "exposable" client keys that are meant to be okay with staying out in the open. That's usually the case for client-side libraries such as Google Maps, mixpanel, etc.
And then there's the rest of the libraries - that are meant to handle server requests. These usually have much higher permissions and require truly secret API keys, in which case as you said it should stay in the server without being exposed to the users in any way.