
Re: how to hide information in code

by jcb (Parson)
on Aug 12, 2019 at 03:09 UTC ( [id://11104313]=note )


in reply to how to hide information in code

Another option is to provide restricted API keys that are associated with accounts in the server's database and are otherwise random numbers. An ordinary UUID can be used for this purpose quite well. The only requirements are that the API key / bearer token / whatever you want to call it be unpredictable and impossible to derive from the account.

You then simply put the bearer token in the script, and the server authorizes the request based on the token matching an account and also looks up which account based on the token. The token is not valid anywhere else, certainly not for logging in, and is usable only for this particular API GET endpoint.

In practice, this is how most Web-based logins work. Log in with username/password, receive a "session ID" cookie that is more-or-less what I just described except that it grants full access to the account instead of only one scriptable API endpoint.
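The scheme described in this post, as an added Perl sketch that is not part of the original post: a random token is bound to one account and one endpoint, and the server uses it both to authorize the request and to find the account. The account name `alice`, the path `/api/report`, the in-memory `%token_table` and both function names are assumptions for illustration; the sketch takes 16 bytes from `/dev/urandom` as the random value where the post suggests a UUID, and storing only a SHA-256 of the token is a choice made in this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# In-memory stand-in for the server's token table (constructed sample data).
# Keyed by SHA-256 of the token, so a leaked table does not hand out usable tokens.
my %token_table;

# Issue a random token bound to one account and one method/path pair.
sub issue_token {
    my ($account, $method, $path) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read $fh, my $bytes, 16;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    my $token = unpack 'H*', $bytes;    # 128 random bits, nothing derived from the account
    $token_table{ sha256_hex($token) } =
        { account => $account, method => $method, path => $path };
    return $token;                      # handed out once; only the hash is kept
}

# Authorize a request. The token both proves access and identifies the account.
# Returns the account name, or undef when the request must be refused.
sub authorize {
    my ($auth_header, $method, $path) = @_;
    my ($token) = ($auth_header // '') =~ /\ABearer ([0-9a-f]{32})\z/ or return;
    my $row = $token_table{ sha256_hex($token) } or return;
    return unless $row->{method} eq $method && $row->{path} eq $path;
    return $row->{account};
}

my $token = issue_token('alice', 'GET', '/api/report');

# Constructed sample requests: [ Authorization header, method, path ]
my @requests = (
    [ "Bearer $token",        'GET',  '/api/report' ],  # in scope
    [ "Bearer $token",        'POST', '/login'      ],  # same token, other endpoint
    [ 'Bearer ' . ('0' x 32), 'GET',  '/api/report' ],  # token not in the table
);
for my $r (@requests) {
    my $account = authorize(@$r);
    printf "%-4s %-12s => %s\n", $r->[1], $r->[2],
        defined $account ? "200 account=$account" : '403';
}
```

Only the first request is accepted; a token copied out of the script gets a refusal everywhere except the one endpoint it was issued for, and revoking it is a single delete from the table.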
