Yep, that is true Kyle. I tried to phrase it as a “more secure” approach as opposed to an actual solution. It will deter many people, but yes, other will be able to use the API key to get/post.

I believe the advantage is that with the more secure approach, someone cannot simply open your database in the browser and start deleting/changing rows.

Remember, this is NOT a scalable approach, just meant for beginners who want to experience working with back-end without spending hours learning.