If I hardcode my API key in my app


(Emma Fu) #1

I am thinking about developping an ios app/android app for the forum. If I had put my API key in the app, in order to let people use normal function, do you think it will be security issue?


(Kane York) #2

Yes. The “master api key” allows a holder to use it to act as any user.

The app should store cookies, instead.


(Руслан Корнев) #3

I think you need to use per user API keys. It can be generated on user page in admin area.
But i still can’t understand why i need to generate every key for each user and why it doesn’t pregenerated.