I have been using the gcal sample with full calendar from the link https://fullcalendar.io/js/fullcalendar-3.8.0/demos/gcal.html. For the authentication we passing our calendar api and calendar id, and it works fine. I'm concerned that the api is visible through the console to anybody who gets to access my code. How do I protect my calendar credentials
0
votes
You need to explain more!
- A Khudairy
thanks, have edited the post, the first time that iv been posting, hope that would suffice.
- Snehitha
@Snehithak did my answer help to clarify it for you?
- ADyson
@ADyson thanks for your answer, but had another question to it, if you could please help me with that
- Snehitha
1 Answers
0
votes
For clarity, since you didn't mention it explicitly in the question, I believe you are talking about the process documented here: https://fullcalendar.io/docs/google_calendar/
The code you've used by following that example doesn't give anyone permission to alter your calendar. The Public API Key which is used only gives read-only permission, which is why it's OK to make that public in your JavaScript code. Since you're already making the data public, it doesn't allow anyone to get anything they can't already see by looking at your calendar.
To change anything on the calendar someone would have to log in with your actual google username and password, or communicate with the API using a secret key and service account, which you have to specifically issue from the google developer API console. These are things which only you should know, and they are not part of what you've set up with fullCalendar.
