Securing Everlive API Key

4 posts, 0 answers
  1. Jesse Herrera
    Jesse Herrera avatar
    39 posts
    Member since:
    Jul 2006

    Posted 10 Oct 2013 Link to this post

    I've been searching but haven't found a clear explanation of how to secure the API key so it isn't listed in the JavaScript source. My Everlive project is working well so far but I still have the API key stored in a variable in my script. I've seen some posts eluding to how this isn't necessary but I'm not sure how to make it happen. Thanks for your time.

    Thanks,
    Jesse
  2. Steve
    Admin
    Steve avatar
    10941 posts

    Posted 11 Oct 2013 Link to this post

    Hi Jesse,

    What you should be concerned about is the account key or application Id in the source code. Right now, everyone can easily get access to all your apps using your account key or application ID. Exposing your API Key in your application is required, because everlive security layer and all permissions are on top of it.

    Regards,
    Steve
    Telerik
    You've missed the Icenium Visual Studio Integration keynote? It has been recorded and posted here.
    Looking for tips & tricks directly from the Icenium team? Check out our blog!
    Share feedback and vote for features on our Feedback Portal.
  3. Jesse Herrera
    Jesse Herrera avatar
    39 posts
    Member since:
    Jul 2006

    Posted 11 Oct 2013 Link to this post

    Hmmm, I'm not sure what you are referring to when you say account key or app id. Can you give me a brief rundown on the best practices with regards to security of account key, app id, api key, etc. and what they mean? or point me to an article that breaks it down for me. Thank for your time!

    Thanks,
    Jesse
  4. Steve
    Admin
    Steve avatar
    10941 posts

    Posted 14 Oct 2013 Link to this post

    Hi,

    The Account key can be used to bypass application security and grant you access to manage all apps in your Everlive account similar to the Everlive portal. This key is the same for all apps part of your account and that is why you should not deploy it with your app. For more information refer to the API Key section in the Everlive portal and the Security section in the Everlive documentation.

    Regards,
    Steve
    Telerik
    You've missed the Icenium Visual Studio Integration keynote? It has been recorded and posted here.
    Looking for tips & tricks directly from the Icenium team? Check out our blog!
    Share feedback and vote for features on our Feedback Portal.
Back to Top