This is a migrated thread and some comments may be shown as answers.

Securing Everlive API Key

3 Answers 223 Views
General Discussion
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
Jesse Herrera
Top achievements
Rank 1
Jesse Herrera asked on 10 Oct 2013, 09:22 PM
I've been searching but haven't found a clear explanation of how to secure the API key so it isn't listed in the JavaScript source. My Everlive project is working well so far but I still have the API key stored in a variable in my script. I've seen some posts eluding to how this isn't necessary but I'm not sure how to make it happen. Thanks for your time.

Thanks,
Jesse

3 Answers, 1 is accepted

Sort by
0
Steve
Telerik team
answered on 11 Oct 2013, 10:05 AM
Hi Jesse,

What you should be concerned about is the account key or application Id in the source code. Right now, everyone can easily get access to all your apps using your account key or application ID. Exposing your API Key in your application is required, because everlive security layer and all permissions are on top of it.

Regards,
Steve
Telerik
You've missed the Icenium Visual Studio Integration keynote? It has been recorded and posted here.
Looking for tips & tricks directly from the Icenium team? Check out our blog!
Share feedback and vote for features on our Feedback Portal.
0
Jesse Herrera
Top achievements
Rank 1
answered on 11 Oct 2013, 01:55 PM
Hmmm, I'm not sure what you are referring to when you say account key or app id. Can you give me a brief rundown on the best practices with regards to security of account key, app id, api key, etc. and what they mean? or point me to an article that breaks it down for me. Thank for your time!

Thanks,
Jesse
0
Steve
Telerik team
answered on 14 Oct 2013, 11:16 AM
Hi,

The Account key can be used to bypass application security and grant you access to manage all apps in your Everlive account similar to the Everlive portal. This key is the same for all apps part of your account and that is why you should not deploy it with your app. For more information refer to the API Key section in the Everlive portal and the Security section in the Everlive documentation.

Regards,
Steve
Telerik
You've missed the Icenium Visual Studio Integration keynote? It has been recorded and posted here.
Looking for tips & tricks directly from the Icenium team? Check out our blog!
Share feedback and vote for features on our Feedback Portal.
Tags
General Discussion
Asked by
Jesse Herrera
Top achievements
Rank 1
Answers by
Steve
Telerik team
Jesse Herrera
Top achievements
Rank 1
Share this question
or