Why shouldn't we embed api key and access token in the app itself?

dummydost
dummydost edited October 2016 in General
Also, what exactly do you mean by embedding?
Pardon me if it's a stupid question, but how can it be misused?
Tagged:
  • Kailash
    Kailash
    @dummydost This only applies if you are distributing the apps to public. If it's your private setup, there are no issues.

    Embedding API key in distributed apps is fine, but you should never hardcode the secret key. It'll be easy to peek inside your app (be it a mobile app or a desktop app), obtain the secret key, and gain full access to your API.
  • dummydost
    dummydost edited October 2016
    @Kailash Oh that makes sense. Thanks for clearing it up.
This discussion has been closed.