PHP – protect private API keys

I have been searching everywhere about private API key security, and I am confused about which approach to take, because I have not found anyone with the same problem or approach as mine.

I am developing an Android application that works through a third-party API, which requires a private key for access. Now, 2 points:

- My application does not directly request the API used, but requests a set of PHP files I coded (hosted on the application website) to simplify the requests and retrieve data from the API used. If I may, let's call it "some kind of API". Therefore, the application only sends requests telling my API what to request from the original API. These requests do not need the original API private key, because I can store it in a PHP file and use it when needed.
- My application does not require users to register an account, so I don't have any user ID or name to use for requests.

So, you can see that I am not hiding the API key in the application code, nor am I trying to use a user ID and signature to allow access to my API and, in turn, to the original API.

The fact is that although PHP code can't actually be seen in the browser, it's not impossible to see it in other ways, so I am not storing the key safely in it. So my question is simple: is this still the best way to hide the private API key, or should I reconsider how this whole process works?

Answer:

If I understand you correctly, you don't want to store the API key in a public web folder because the API key can be accessed publicly in some cases.

My advice is to store the API key in a file outside the root web folder. Then, you need to require/include the file in the script in the public folder.

In a Linux environment, it is as follows:

/var/www/your_script.php (public access)
/var/secure/api_key.php (private, web server doesn't access this directory)

In your_script.php:

<?php
require_once '/var/secure/api_key.php'; // path from the layout above; adjust it to your server
echo $api_key; // testing only: remove once confirmed, so the key is never sent to a client

In api_key.php:

<?php
$api_key = '15r723er8q5re';
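
A fail-closed variant of the layout in the answer above, as an added example that is not part of the original answer: `load_api_key()` is a hypothetical helper that refuses a key file located inside the web root or readable by every local account. It assumes the key file returns the key (`<?php return '...';`) instead of assigning `$api_key`; the sample key and temporary paths are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: load the key only if the file is outside the web root.
function load_api_key(string $keyFile, string $docRoot): string
{
    $key  = realpath($keyFile);   // resolves symlinks and ../ segments
    $root = realpath($docRoot);
    if ($key === false || $root === false) {
        throw new RuntimeException('key file or web root not found');
    }
    // Refuse a key file that the web server could serve directly.
    if (strpos($key . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('key file is inside the web root');
    }
    // Refuse a key file readable by every local account (POSIX mode bits).
    if ((fileperms($key) & 0004) !== 0) {
        throw new RuntimeException('key file is world-readable');
    }
    // The key file returns the key, so no global variable is left behind.
    $value = require $key;
    if (!is_string($value) || $value === '') {
        throw new RuntimeException('key file did not return a key');
    }
    return $value;
}

// Constructed demo (CLI only): build a throwaway layout and exercise the checks.
if (PHP_SAPI === 'cli' && realpath($argv[0]) === __FILE__) {
    $base = sys_get_temp_dir() . '/keydemo_' . bin2hex(random_bytes(4));
    mkdir("$base/www", 0755, true);
    mkdir("$base/secure", 0750, true);
    foreach (["$base/secure/api_key.php", "$base/www/api_key.php"] as $f) {
        file_put_contents($f, "<?php return 'CONSTRUCTED-SAMPLE-KEY';");
        chmod($f, 0640);
    }
    // Report only the length, never the key itself.
    $key = load_api_key("$base/secure/api_key.php", "$base/www");
    echo 'outside web root: loaded key of length ', strlen($key), "\n";
    try {
        load_api_key("$base/www/api_key.php", "$base/www");
    } catch (RuntimeException $e) {
        echo 'inside web root: refused (', $e->getMessage(), ")\n";
    }
}
```

The error messages name the failed check but never include the key or its path, so they are safe to log.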
