2

We're working to switch from Google CSE to Bing's Web Search API. The Ocp-Apim-Subscription-Key is visible in a request header (called with an AJAX request).

How do we protect it from use by a third party?

(Note: We don't have any experience with Azure tools.)

Michael
  • 8,362
  • 6
  • 61
  • 88
Florian Térisse
  • 33
  • 3

1 Answers1

2

You should not be embedding the subscription key into a client-side query. Your search queries should go from the client-> your server -> Bing server and then back the same way.

This information, although on the Image Search page, applies to all Bing Searches:

All requests must be made from a server. You may not make calls from a client.

Although there are some cases where client-side calls are acceptable, such as internal-use cases, client-side is strongly not recommended.

Michael
  • 8,362
  • 6
  • 61
  • 88
Matt Small
  • 2,182
  • 1
  • 10
  • 16
  • Hello. Thank you for your reply. To avoid soliciting the server we would not want to make him play the role of proxy. We will do as advocated. Thank you. – Florian Térisse Jul 05 '17 at 08:01