Safety concerns and lack of transparency

  • dantek

    (@dantekavala)


    1 month, 3 weeks ago

    The free version uses a shared global API key managed by the plugin developer.

    This detail is not mentioned anywhere on the WordPress plugin page, and is only in their documentation on the developer’s own website. That’s misleading, because it means:

    • The Google API quota is shared across all free users, so even if I only need one sync per day, it may fail due to other users exhausting the quota.
    • It could risk issues with Google’s policies if the shared API key is abused by other users and affect your own account/website

    In short, the plugin doesn’t behave transparently as advertised. I’d recommend avoiding it unless the developer changes this approach or makes the shared API setup clearly disclosed on the WordPress page.

Viewing 1 replies (of 1 total)
  • Plugin Author Abdullah Kaludi

    (@abdullah17)

    1 month, 2 weeks ago

    Hello @dantekavala,

    Thanks for sharing your concern! We understand that using a shared API key can seem unclear at first, so we want to explain how it works and why it’s safe.

    ✅ Safe to Use – The shared global API key is fully safe and has passed CASA verification. We have confirmed its usage with Google, so there are no security risks to your account or website. Using this API key does not expose your personal data or credentials.

    👥 User-Friendly Approach – Not every user is familiar with creating their own Google API key. Setting up a personal key can be complex for non-technical users. The shared API is provided as a convenient option to get started quickly.

    📊 Quota Management – While the free version uses a shared API key, it is carefully managed to ensure reliable performance for most users. For heavy usage or guaranteed quotas, the PRO version allows each user to connect with their own API key.

    🔄 Entry Recovery – Occasionally, some entries may be missed due to quota limits. We are planning to implement a cron-based system that can automatically recover missed entries based on user settings.

    📚 Transparency – We aim to make the shared API setup clear in the plugin documentation to avoid confusion.

    🔗 Sources / Verification:

    • Google API security guidelines: https://developers.google.com/identity/protocols/oauth2
    • CASA verification ensures proper handling of API credentials in shared setups.
      CASA Verification / Security Assessment: This plugin has passed CASA verification, which ensures it complies with Google’s security standards for handling API data. More details on Google’s security assessment process can be found here:
      Google Cloud Security Assessment

    In summary, the plugin is 100% safe, beginner-friendly, and designed to help users start using Google Sheet integrations without technical hurdles. Users concerned about API limits or higher usage can switch to using their own API key via the PRO version.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this review.