I am using Oauth1 to connect to NetSuite Restlet API for multiple customers. To do so I make use of these values to authenticate and sign the request
API URL(unique per customer)Realm(unique per customer)ConsumerToken(64 char hexadecimal string)ConsumerSecret(64 char hexadecimal string)AccessToken(64 char hexadecimal string, unique per customer)TokenSecret(64 char hexadecimal string, unique per customer)
ConsumerToken and ConsumerSecret is tied to my Application and is the same not matter which customer.
Question:
Is ConsumerToken and ConsumerSecret considered a secret? To what length do I need to secure those values given that they are not useful without also knowing AccessToken and TokenSecret.
Additional Info:
ConsumerToken and ConsumerSecret is stored unencrypted in the codebase. The Application is always deployed in an environment hosted by my company.The appplication is a background service with no user interface.
