I am using OAuth1 to connect to NetSuite Restlet API for multiple customers. To do so I make use of these values to authenticate and sign the request:
- API URL (unique per customer)
- Realm (unique per customer)
- ConsumerToken (64 char hexadecimal string)
- ConsumerSecret (64 char hexadecimal string)
- AccessToken (64 char hexadecimal string, unique per customer)
- TokenSecret (64 char hexadecimal string, unique per customer)
ConsumerToken and ConsumerSecret are tied to my Application and are the same no matter which customer.
Question:
Are ConsumerToken and ConsumerSecret considered secrets? To what length do I need to secure those values given that they are not useful without also knowing AccessToken and TokenSecret?
Additional Info:
ConsumerToken and ConsumerSecret are stored unencrypted in the codebase. The Application is always deployed in an environment hosted by my company. The application is a background service with no user interface.
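
Added example, not part of the original question: how the four values listed above enter an OAuth 1.0 (RFC 5849) request signature, with the application-wide consumer pair read from the deployment environment instead of the codebase. HMAC-SHA256 as the signature method, the environment variable names and the function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, os
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def load_consumer_credentials(env=os.environ):
    # Hypothetical variable names; the point is that the values come from the
    # deployment environment (or a secrets manager), not from the codebase.
    try:
        return env["NS_CONSUMER_TOKEN"], env["NS_CONSUMER_SECRET"]
    except KeyError as missing:
        raise RuntimeError(f"consumer credential not configured: {missing}") from None

def oauth1_signature(method, url, consumer_token, consumer_secret,
                     access_token, token_secret, nonce, timestamp):
    parts = urlsplit(url)
    oauth = {
        "oauth_consumer_key": consumer_token,
        "oauth_token": access_token,
        "oauth_nonce": nonce,
        "oauth_timestamp": str(timestamp),
        "oauth_signature_method": "HMAC-SHA256",  # assumed method
        "oauth_version": "1.0",
    }
    # Query parameters and oauth_* parameters are encoded, sorted and joined.
    # The realm is sent in the Authorization header but is not part of the signature.
    pairs = sorted((pct(k), pct(v)) for k, v in
                   parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items()))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    base_string = "&".join([method.upper(), pct(base_url), pct(normalized)])
    # The HMAC key is both secrets joined by "&": neither one alone can sign.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()
```

ConsumerToken and AccessToken travel in every request as `oauth_consumer_key` and `oauth_token`, while ConsumerSecret and TokenSecret are used only as key material and are never transmitted.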