React SPA using the Kentico delivery client
I've been checking out the sample react cloud on github.
Since the content delivery API key is visible directly in the browser console for XHR calls, what's to stop someone using your API key and abusing the API limits set on your account? e.g. Dancing Goat's homepage:
Do you need to upgrade to a Professional tier account and enable the secured delivery API?
Also, does the sample react application have any delivery API caching at all?
Finally, is it possible to see the content structure of the dancing goat application inside Kentico Cloud?