Hiding application id/secret (1 Viewer)

doskabouter

Development Group
  • Team MediaPortal
  • September 27, 2009
    4,566
    2,938
    Nuenen
    Home Country
    Netherlands Netherlands
    Hi,

    I'm searching for a while now for best practices on using api calls which require an application id and a secret.
    If I set it directly in my source then it's publicly available to anyone once I push my code to github, and judging from the terms that's not really acceptable.
    I can add some obfuscation to it, but in the end it's decryptable by someone simply by debugging the code, and or use a sniffer.
    Alternatively I could let users get an application id themselves, but that is bad for the userexperience.

    The api is the one from vimeo (for onlinevideos), but i can imagine that f.e. youtube and or others have the same problem.

    Anyone any insights on this?
    tagging @offbyone to see what his considerations were when developing the youtube part
     

    Edalex

    Community Plugin Dev
  • Premium Supporter
  • January 3, 2008
    2,955
    1,264
    Saratov
    Home Country
    Russian Federation Russian Federation
    MP-TVSeries sources doesn't have API key in it but ofc you could found it out with sniffer.
    Sorry for necroposting :oops:
     

    doskabouter

    Development Group
  • Team MediaPortal
  • September 27, 2009
    4,566
    2,938
    Nuenen
    Home Country
    Netherlands Netherlands
    No problem, this issue is still lingering somewhere on my list, so not necro from my end :)
    Do you know how that api key is used in the code? Is it only in the sources at the computer that is building the installer? Or somewhere else?
     

    Users who are viewing this thread

    Top Bottom