If your API Key is leaked, malicious entities may use it to spend your quota or even delete some of your data.
Storing API keys in your code means you are exposing them through your version control system in plain text. Even if your repository is private and secure - this key will be transferred in an unsecured way.
When you publish and distribute an application (such as iOS/Android/Unity/Unreal), it is possible to de-compile, extract your API key, and start spending your Didimo points. Even if you try to protect it with obfuscation or other techniques, it is possible to reverse-engineer your app and extract the API Key. Secure your key on the server.
Establish a secure connection from your applications to your server, through some form of client/server authentication, and then have the backend make the requests to our API.
As soon as you suspect an API key may have been compromised, delete it and create a new one. That can be easily done through the Developer Portal.
Updated over 1 year ago