Reputation: 228
Why should you keep your API Secret and key hidden?
I was thinking about adding a twitter feed function of read only to one of my Android apps, so it lets people know when I made a new app. All the guides on how to add this hides the API key and secret.
Can someone tell me why?
I understand if it had a read and write function. But, giving it only shows a read function. I don't understand why they are hidden
Upvotes: 1
Views: 157
Answers (1)
Reputation: 39406
Those 2 elements identify you whenever you make a request to the API.
You don't want someone to impersonate you, because you agreed to T&Cs that define how you are supposed to use the API.
Typically that includes how much you can use the API (particularly relevant when you have a paid plan), what you are allowed to do with it and what you are not allowed to do with it.
Not keeping those elements secret may expose you to fraudulent use, and you may be liable for it.
You might want to ask in further detail on Law the implications of that.
Upvotes: 2
Related Questions
- Securing API key in Android
- Android store API Keys in secret
- Where to put API key for Twitter Key for Android
- Protecting twitter keys on Android
- Why twitter requires API key secret and Access Token Secret?
- how secure is it to have twitter consumer key and secret hardcoded in android app?
- Android twitter4j custom API keys
- Secure API Key Android
- API Key and security
- What are the risks of exposing the not-so-secret oauth key? Are there any workarounds?