Using your personal API key in apps.

Discussion in 'iOS Programming' started by techwoman, Oct 17, 2016.

  1. techwoman macrumors newbie

    Joined:
    Nov 22, 2014
    Location:
    USA
    #1
    Hello,

    I am working on my very first app and thought of keeping it simple. I am just going to collect some data using readily available API and will display it on the app for user. Whichever API's I have been through, I noticed that the API owner will ask you to register and after registration you get an API key. The documentation of API says to use the API key along with the request.

    When you release the app to the app store, do you hard code your personal API key in the code? Sorry if this sounds a dumb question, but wasn't sure if there are any safety issues in sharing with the API key you receive after registration.
     
  2. PhoneyDeveloper macrumors 68030

    PhoneyDeveloper

    Joined:
    Sep 2, 2008
    #2
    Strictly speaking there is no way to securely encode the API key in your app. At best it can be obfuscated and it must be decoded to be used and a hacker can find it.

    The short answer is Yes, API keys are hardcoded.
     
  3. techwoman thread starter macrumors newbie

    Joined:
    Nov 22, 2014
    Location:
    USA
    #3
    Oh ok. I will be careful with it then. I wanted to use an API of an organization which is not very famous. Their process is they will provide me an API key after I register with them which I did. I didn't receive the key, so I emailed them and they said that they make their API user sign some kind of agreement. So I wanted to watch out before I use something in my app from security stand point.
     

Share This Page