```javascript
// Interpolate the key from a variable instead of hardcoding it in the URL
const url = `https://api.openweathermap.org/data/2.5/weather?q=Tokyo&appid=${apiKey}`;
```

Treat your OpenWeather API key like a password. Even though OpenWeather keys are meant for server-side use, exposed keys can be stolen and used to exhaust your quota or incur charges. Always use environment variables, restrict key permissions where possible, and monitor your dashboard for anomalies.
```
https://api.openweathermap.org/data/2.5/weather?q=London&appid=YOUR_API_KEY
```

For production apps, never hardcode the key in client-side code (JavaScript, mobile apps). Use a backend proxy or environment variables.

4. Security & Management

| Do ✅ | Don’t ❌ |
|-------|----------|
| Store keys in environment variables (`.env` files) | Commit keys to GitHub or public repos |
| Use different keys for development, staging, and production | Share your key with unauthorized users |
| Set up API key restrictions (by IP, HTTP referrer, or URL) in the OpenWeather dashboard if available | Ignore suspicious usage spikes |
| Rotate keys periodically | Hardcode keys in frontend HTML/JS |

Note: OpenWeather’s free tier has rate limits (60 calls/minute). Exceeding this returns a 429 error. Monitor usage via your dashboard.

5. Common Errors & Fixes

| Error Code | Meaning | Solution |
|------------|---------|----------|
| 401 | Invalid API key | Double-check the key spelling, ensure it’s activated (wait 30 min) |
| 429 | Too many requests | Implement exponential backoff or upgrade your plan |
| 404 | Wrong endpoint | Verify the URL (e.g., `/weather` vs `/forecast`) |

6. Environment Variable Example (Node.js)

```
# .env file
OPENWEATHER_API_KEY=your_key_here
```

```javascript
// app.js
require('dotenv').config();
const apiKey = process.env.OPENWEATHER_API_KEY;
```
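
The backend-proxy and 429 backoff advice above, combined in one server-side helper. This is an added example, not code from the original page or from OpenWeather; the function names, retry count and delays are assumptions, and it relies on the global `fetch` of Node.js 18+.

```javascript
// Added example: server-side helper for a backend proxy (names are illustrative).
const BASE = 'https://api.openweathermap.org/data/2.5/weather';

// Build the upstream URL; URLSearchParams encodes the user-supplied city so it
// cannot smuggle extra query parameters (e.g. "Tokyo&appid=other").
function buildWeatherUrl(city, apiKey) {
  if (!apiKey) throw new Error('OPENWEATHER_API_KEY is not set');
  return `${BASE}?${new URLSearchParams({ q: city, appid: apiKey })}`;
}

// Mask the key before a URL reaches logs or error messages.
function redactKey(url) {
  return url.replace(/([?&]appid=)[^&]*/, '$1REDACTED');
}

// Retry only on 429, doubling the delay each time (1s, 2s, 4s by default).
// fetchImpl and sleep are injectable so the logic can be tested offline.
async function fetchWithBackoff(url, opts = {}) {
  const { fetchImpl = fetch, maxRetries = 3, baseMs = 1000 } = opts;
  const sleep = opts.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(url);
    if (res.status !== 429 || attempt >= maxRetries) return res;
    await sleep(baseMs * 2 ** attempt);
  }
}

// What a proxy route handler would call: the browser sends only the city,
// the key stays in the server's environment.
async function getWeather(city, opts = {}) {
  const url = buildWeatherUrl(city, process.env.OPENWEATHER_API_KEY);
  const res = await fetchWithBackoff(url, opts);
  if (!res.ok) throw new Error(`Upstream ${res.status} for ${redactKey(url)}`);
  return res.json();
}
```

The frontend then calls your own route (for example `/api/weather?city=Tokyo`, a hypothetical path) and never sees the `appid` value.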