Infinity API key abuse

[forsakenquantum]

I saw this topic come up on Lemmy, which I hadn't thought of before, and I wanted to make sure to flag it to @Docile-Alligator (hopefully they've already thought of it).

It's not terribly difficult to extract an API key from an APK. Is there any infrastructure in place to ensure that anybody who does that isn't able to use Infinity's API key as much as they want, running up a bill that Docile-Alligator has to pay?

I've really enjoyed using Infinity and appreciate all the effort and love that Docile-Alligator has put into it, and would hate to see them get abused by bad actors.

[ahmuro]

Same thoughts. Modded APKs are a thing, and there's a nonzero chance of people using your API key at cost to you without providing you revenue. Specially if this is the only third party client that survives.
I guess that's at least part of the reason most other clients are instead shutting down. I hope you have considered that.
Wish you the best, and thanks for everything.

[Docile-Alligator]

Thank you. I am constantly monitoring the API usage and by now there is no API usage abuse.