So, I want to build a plugin that makes a call to an external API (which is metered and has an API key).
How do you manage that? Do I need to expose the API key in the code? Do I just take the hit of whatever cost this incurs from people using it? Would love to hear from people’s past experience here.
You probably want to have users input their own keys, and store them. Otherwise you would be billed for everyone using your plugin, not to mention anybody who just reads your key and uses it for whatever!
Many plugins just ask the users to input a key and save it in their settings; here’s a list of other options for how to store them if you want more details. In practice it’s simplest just to put them in the plugin settings, though, and what most plugins that need such keys do.