iOS Using your personal API key in apps.

[techwoman]

Hello,

I am working on my very first app and thought of keeping it simple. I am just going to collect some data using readily available API and will display it on the app for user. Whichever API's I have been through, I noticed that the API owner will ask you to register and after registration you get an API key. The documentation of API says to use the API key along with the request.

When you release the app to the app store, do you hard code your personal API key in the code? Sorry if this sounds a dumb question, but wasn't sure if there are any safety issues in sharing with the API key you receive after registration.

 

[PhoneyDeveloper]

Strictly speaking there is no way to securely encode the API key in your app. At best it can be obfuscated and it must be decoded to be used and a hacker can find it.

The short answer is Yes, API keys are hardcoded.

 

[techwoman]

Strictly speaking there is no way to securely encode the API key in your app. At best it can be obfuscated and it must be decoded to be used and a hacker can find it.

The short answer is Yes, API keys are hardcoded.

Oh ok. I will be careful with it then. I wanted to use an API of an organization which is not very famous. Their process is they will provide me an API key after I register with them which I did. I didn't receive the key, so I emailed them and they said that they make their API user sign some kind of agreement. So I wanted to watch out before I use something in my app from security stand point.