Our API key was leaked and resulted in a significant usge increase. How can we know their IP address and user agent to narrow down who they are? We have of course changed the API key immediately after it happened. But we suspect there are only a handful people know that key, we want to make sure there is no ethical issues.
You currently can not view the requestor’s IP address, but a common request is for them to give each key an IP address range, so even if it gets leaked you can’t use it unless you are on the whitelisted IP address.
1 Like