Reputation: 137
How to store an api key safely, template file
I never used api calls before, so perhaps this is a dumb question But i want to use an api call in an template. (basicly, what it will do is check the current price of a product and output that)
Now for using and storing the api key. Would adding this to the template file be unsafe? If so, what would be a proper way to do this?
$key = 123456789
geturl.com?apikey=$key
Upvotes: 1
Views: 3181
Answers (1)
Reputation: 948
You should not store them in a file in the code-base, this is just asking for people to impersonate you.
This is unsafe because a) someone could look at the source code for a page and have your keys, and b) if this is in a code repository then someone could just search for apiKey and have yours and everyone else's - your key has been compromised without someone even knowing about your website.
Instead, you should store this in an environment variable, or encrypt the data in a file - and I've linked some articles to help you in doing one of those.
Upvotes: 2
Related Questions
- Where to store API keys in WordPress?
- Storing API keys on server
- Wordpress plugin - where to store a custom API Key?
- What is the laravel way of storing API keys?
- How to store the API keys of my clients in a secure way?
- How can I store a private api key in a source file?
- Using an API Key System
- REST API Security using Signature, where/how to store secret key?
- How to securely use api key
- How to implement an API key on PHP software?