1

I have a PC program which uses an API. I have the API key stored in the code, because there is no other way I can think of. Since I have no code/string obfuscator, how do I secure the API key, so no one can steal it?

danielk
  • We have several questions here on securing API tokens. In summary, if you distribute an application to users, you can't store a secret key in it without the possibility that users extract that value. Even if it's well obfuscated in the code, a user can intercept the request to the API to capture the token. – Arminius May 25 '17 at 18:01
  • @danielk - is this your API, or someone else's? – Kyle Rosendo May 25 '17 at 18:26

1 Answer

5

Put simply, there is no bulletproof way of concealing a string if it is being made available on the client-side.

Maybe instead of giving the user access to the API key, make the client contact your own server and perform API requests from there. If you do this, then you will be able to limit unauthorised use of your API key.

Adam Lindsay
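The server-side approach from the answer above, as an added example that is not part of the original post: the desktop client sends a per-user token to your server, and the server decides whether to forward the call and attaches the real API key itself. The upstream host, paths, tokens, limits and the `Authorization: Bearer` header scheme are all assumptions made for illustration.

```python
import hmac, os, time, urllib.request
from collections import defaultdict, deque

# Every value here is constructed for illustration.
UPSTREAM_BASE = "https://api.example.com"        # placeholder third-party API
UPSTREAM_KEY = os.environ.get("UPSTREAM_API_KEY", "constructed-demo-key")
ALLOWED_PATHS = {"/v1/weather", "/v1/forecast"}  # only what the desktop app needs
CLIENT_TOKENS = {"tok-alice-constructed": "alice"}  # per-user, individually revocable
RATE_LIMIT, WINDOW = 3, 60.0                     # calls per user per WINDOW seconds
recent_calls = defaultdict(deque)                # user -> timestamps of recent calls

def authenticate(token):
    """Map a client token to a user, comparing in constant time."""
    for known, user in CLIENT_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None

def handle(token, path, now=None):
    """Gate one client request; return (status, upstream request or None)."""
    now = time.monotonic() if now is None else now
    user = authenticate(token or "")
    if user is None:
        return 401, None                  # unknown or revoked client token
    if path not in ALLOWED_PATHS:
        return 403, None                  # proxy is not a general relay
    calls = recent_calls[user]
    while calls and now - calls[0] >= WINDOW:
        calls.popleft()                   # drop calls outside the window
    if len(calls) >= RATE_LIMIT:
        return 429, None                  # caps abuse from one leaked token
    calls.append(now)
    # The API key is attached here, on the server; the client never receives it.
    # Bearer-style auth is an assumption about the upstream API.
    return 200, {"url": UPSTREAM_BASE + path,
                 "headers": {"Authorization": "Bearer " + UPSTREAM_KEY}}

def forward(upstream):
    """Send the prepared request upstream and return the body (needs network)."""
    req = urllib.request.Request(upstream["url"], headers=upstream["headers"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()
```

A client token extracted from the program can be revoked on its own and is limited to the allowlisted paths and the rate cap, while the upstream key stays in the server's environment.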