Netherlands
Hi,
I'm searching for a while now for best practices on using api calls which require an application id and a secret.
If I set it directly in my source then it's publicly available to anyone once I push my code to github, and judging from the terms that's not really acceptable.
I can add some obfuscation to it, but in the end it's decryptable by someone simply by debugging the code, and or use a sniffer.
Alternatively I could let users get an application id themselves, but that is bad for the userexperience.
The api is the one from vimeo (for onlinevideos), but i can imagine that f.e. youtube and or others have the same problem.
Anyone any insights on this?
tagging @offbyone to see what his considerations were when developing the youtube part
I'm searching for a while now for best practices on using api calls which require an application id and a secret.
If I set it directly in my source then it's publicly available to anyone once I push my code to github, and judging from the terms that's not really acceptable.
I can add some obfuscation to it, but in the end it's decryptable by someone simply by debugging the code, and or use a sniffer.
Alternatively I could let users get an application id themselves, but that is bad for the userexperience.
The api is the one from vimeo (for onlinevideos), but i can imagine that f.e. youtube and or others have the same problem.
Anyone any insights on this?
tagging @offbyone to see what his considerations were when developing the youtube part
