Mail validation API limit by domain
Could you please provide a way to limit the Email validation API to being called only from a specific domain? This would avoid the public key being stolen and abused.
This is because implementing another server script just to hide the API key will introduce a redundant round trip, which degrades the user experience.
Danil Smirnov commented
I would suggest allowing the user to set allowed Referer header value(s), which are then compared with the one received from a request.
If we had a request limit per Referer, it would be even better.
Zach Bruhnke commented
I just opened a support ticket about this same thing.
It's very useful with other vendors who have this. Smarty Streets has a great implementation of it and I would highly recommend being able to lock this down by hostname so the keys cannot be stolen and used elsewhere.
We, like many other companies I am sure, host our frontend site as an SPA on a CDN, so simply locking down by IP is not a good fit for us.
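
One way the Referer allow-list and per-Referer limit suggested by Danil Smirnov, and the hostname lock requested by Zach Bruhnke, could be checked on the API side. This is an added example, not code from the vendor or from any commenter; the key name, hostnames, quota and function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed per-key settings (assumption): allowed hostnames and a per-host quota.
KEY_CONFIG = {
    "pubkey-EXAMPLE": {"allowed_hosts": {"app.example.com", "www.example.com"},
                       "limit_per_window": 3, "window_seconds": 60},
}

_counters = {}  # (api_key, host, window_index) -> request count


def request_host(headers):
    """Return the lowercase hostname from Origin, falling back to Referer, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for name in ("origin", "referer"):
        value = lowered.get(name)
        if value:
            host = urlsplit(value).hostname  # parsed host, never a substring match
            if host:
                return host.lower()
    return None


def authorize(api_key, headers, now):
    """Return (allowed, reason) for one validation request at time `now` (seconds)."""
    cfg = KEY_CONFIG.get(api_key)
    if cfg is None:
        return False, "unknown key"
    host = request_host(headers)
    if host is None:
        return False, "missing Origin/Referer"
    if host not in cfg["allowed_hosts"]:  # exact match, so look-alike hosts fail
        return False, "host not allowed"
    window = int(now // cfg["window_seconds"])  # fixed-window counter per key and host
    slot = (api_key, host, window)
    if _counters.get(slot, 0) >= cfg["limit_per_window"]:
        return False, "rate limit exceeded"
    _counters[slot] = _counters.get(slot, 0) + 1
    return True, "ok"
```

Browsers set Origin and Referer themselves, but a non-browser client can send any value, so the allow-list stops other websites from reusing the key in their visitors' browsers while the per-host quota caps usage attributed to an allowed host.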