I am thinking about developping an ios app/android app for the forum. If I had put my API key in the app, in order to let people use normal function, do you think it will be security issue?
Yes. The “master api key” allows a holder to use it to act as any user.
The app should store cookies, instead.
I think you need to use per user API keys. It can be generated on user page in admin area.
But i still can’t understand why i need to generate every key for each user and why it doesn’t pregenerated.