So I'm using my personal steam web api key in a project and its my first time using an api key in a program. I don't have any idea about the safe-use of this key in terms of hiding it.
Could somebody guide me in this aspect? I'm developing in Java.
Asked
Active
Viewed 609 times
0
-
there is no way to hide it – Iłya Bursov May 18 '17 at 17:36
2 Answers
2
One suggestion is, put your API key in a different file and read it in at the beginning of you program and assign it to a variable. Also, if you are uploading to github dont forget to gitignore your api key file!
Manish Mallavarapu
- 425
- 3
- 12
-
Thats sound cool, and gave me the idea to create another program that proccess the API key request and return to the different clients the proper information. By that way, i only have to use it in my "API Key Request" application – JD0001 May 22 '17 at 13:48
0
Two other approaches:
If you're using Heroku or some other cloud service, you can store the API key in an environment variable and then your program can read it out when starting up.
If you have a database, you can store some config settings in the DB an, again, read them in when starting up. You might wish to use symmetric encryption so that a hack of the DB doesn't reveal your key but now you have two more problems: Wherere do you put your DB credentials? When do you put you symmetric key? ;-)
HTH
Jim Grimmett
- 661
- 6
- 10