user14665305
Reputation: 245
Looking for options to secure API keys within Ionic App?
I am using Ionic 7 with Angular for Mobile App development and now need to securely store a key for an REST API.
In my test app, the API key is simply stored inside webservices.component.ts as per below example, but for production, I want to ensure that the API key is not accessible as plaintext, i.e. if someone hacks into the app stored on iOS and/or Android devices.
const MobileApiKey: string = “xxx-aaa-bb-999”;
What are the options?
Upvotes: 0
Views: 39
Answers (1)
StackOverHoes
Reputation: 146
There is several ways to do this, pick your poison:
- Environment Variables: Use environment variables to store API keys outside of your source code. Reference them in your app's configuration.
- Ionic Storage: Use Ionic Storage with optional encryption to securely store data locally on the device.
- Secure Storage Plugins: Utilize plugins like cordova-plugin-secure-storage-echo for secure key storage on iOS and Android.
- Backend Proxy: Create a backend service that handles API requests, keeping API keys on the server side instead of the client.
- Database Storage Store API keys in a database with encryption, centralized management, access control, and audit trails for better protection.
Upvotes: 0
Related Questions
- Implementation of single mobile login of an account
- CORS issue in ionic app
- Hybrid App - Ionic vs NativeScript
- Displaying web page in Ionic V4 app - inconsistencies
- Single Ionic app for web and mobile or two separate Ionic and Angular apps?
- Creating a RESTful api for my Ionic app
- Ionic framework: Single code base for various mobile devices (iOS, Android, phones, tablets)?
- How to secure my Google Maps Javascript V3 API Key within an Ionic/Cordova App?