API key exposure

[drcsk]

Many thanks for your hard work. This is one of the most simple and best implementations of live translation captioning. However, I have one query.

Is there any way to make sure your api key isn't exposed? It does not seem secure to allow the user to see the api key in the url.

Many thanks

[steveseguin]

I can address this. Typically, since caption.ninja is used within an internal production workflow, the API being exposed isn't an issue.

If you are sharing the caption.ninja links with public users, you expose yourself not only to sharing the API key, but users could publish their own chat translations into the caption.ninja stream, which may be problematic if you don't trust those you share the link with.

I do have a way of addressing that, with what I call an audience-link, however I'll need to find a few hours to update caption.ninja to support this function. Thank you for your interest in security and caption ninja