Is my API Key safe since it is on the source code of each page of my website?

The swarmcdnkey is a public-facing API key intended for use on all your website’s public pages.
It does not grant access to your Swarmify account or dashboard.

⚠️ What unauthorized use looks like

The only practical misuse is someone copying your key to power SmartVideo on a site you don’t own.

Unauthorized views do count toward your monthly view total and plan limits until the key is locked to your domain(s).

  • Unauthorized sites often fail anyway due to domain mismatch and other safeguards, but views that do get served will show up in your usage.
🔒 How to lock your key to your domain(s)

Domain locking is applied by our support team — there’s no self-serve toggle in the dashboard.

If you suspect unauthorized use, or just want tighter security up front, email support@swarmify.com with the domain(s) you want authorized. Once locked, only those domains can use your key — every other site is blocked.

💡 Why locking isn’t on by default

We leave domain restrictions off by default so you can test across:

  • staging environments

  • local or developer machines

  • temporary or personal domains

If you’d rather trade that flexibility for tighter security, email support and we’ll set it up.

📊 Monitor your usage

Check your dashboard periodically for unexpected view spikes. If something looks off, contact support — we can review activity and apply domain locking for you.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us