How to prevent unauthorized usage

Hi, I have a website using mapkit js and it seems people are using my api code to do massive lookup of the geocode service.

I'm not sure how they did it, I tried to generate a new api code every 20 minutes and they expires in 20 minutes, didn't work, so I tried to generate a new token every 3 minutes and they expires in 3 minutes and it still didn't prevent the unathorize usage. I also added my website so the api generated is supposed to work only on my site and it still didn't work. Anyone has idea why that happens? Or if there is any way for mapkit js to prevent massive lookup of the geocode service from the same ip?

Replies

Define 'massive lookup' - I'd wonder if Apple is failing to enable throttling, etc.


>added my website so the api generated is supposed to work only on my site and it still didn't work


Might help to show the code that isn't working...

Hi Jimmy, could you file a ticket about this via Feedback Assistant https://feedbackassistant.apple.com/welcome to open a direct line of communication with Apple on this? Also if you haven't tried this already, you might try revoking this key and using a new key.