arfo

Reputation: 321

API Key and security

Recently, I was watching a video from Google I/O 2011. In part of that session, the speaker pointed out that developers should keep API keys (such as Google Place, etc.) on their own server side rather than the client side and avoid direct connections. Sounds pretty secure, but to do such a thing developers need their own server side and web service as well, which is not possible sometimes. Now, I wonder: is there any secure approach to using an API key in the client application (maybe encryption)?

Upvotes: 0

Views: 928

Answers (1)

Jonathon Reinhart

Reputation: 137398

It really depends on the API, I suppose. Most APIs I've worked with are utilizing calls from the application webserver to the API server. So in that case the client never can see the key; it's only the returned content they see.

On the other hand, if it really is a client-to-API call, there is really no point in encrypting the key, because it has to be decrypted before the call can be made anyway. And in that case the user could easily spoof it.

Upvotes: 1
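
The arrangement the answer describes, where the application's web server calls the API and the client only sees the returned content, sketched as an added example that is not part of the original question or answer. The upstream URL, the parameter names, the `PLACES_API_KEY` environment variable and the injected `fetch` callable are assumptions made for illustration.

```python
import os
from urllib.parse import parse_qs, urlencode

# Hypothetical upstream endpoint and parameter names (assumptions, not from the post).
UPSTREAM = "https://api.example.com/v1/search"
ALLOWED_PARAMS = {"query", "location", "radius"}


def build_upstream_url(client_query, api_key):
    """Translate the client's query string into the upstream request URL.

    Only allow-listed parameters are forwarded; a client-supplied "key"
    is dropped and the server-held key is attached instead.
    """
    params = parse_qs(client_query)
    forwarded = {k: v[0] for k, v in params.items() if k in ALLOWED_PARAMS}
    forwarded["key"] = api_key
    return UPSTREAM + "?" + urlencode(sorted(forwarded.items()))


def handle(client_query, api_key, fetch):
    """Serve one client request. `fetch` is an injected callable
    (url -> (status, body)) so the example runs offline."""
    if not api_key:
        return 500, "server misconfigured"
    status, body = fetch(build_upstream_url(client_query, api_key))
    # The client only sees returned content; scrub the key in case the
    # upstream echoes the request URL in an error message.
    return status, body.replace(api_key, "[redacted]")


if __name__ == "__main__":
    key = os.environ.get("PLACES_API_KEY", "constructed-demo-key")

    def fake_fetch(url):  # constructed stand-in for the real HTTP call
        return 200, '{"results": [], "echo": "%s"}' % url

    print(handle("query=cafe&radius=500&key=client-supplied", key, fake_fetch))
```

In a real deployment `fetch` would be the server's HTTP client and `handle` would sit behind whatever web framework the application already uses.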
