How to Hide Third Party API Keys?
I’m currently working on my FindFurryFriend app and I signed up for a PetFinder api key and secret because my goal is to fetch pets and animal shelters from PetFinder! After getting the api key and secret, I read that it is very important to keep these hidden.
Why do we need to hide our API key?
We need to hide our key because if it is exposed (ex. pushed up to github), then anyone could copy the key, use it and act as that person. The potential for a rogue actor racking up some serious charges is very high (on a paid API key). Or, if its a free API, they could use all the calls and the issuing organization could invalidate the key.
How do we hide our API key?
For now- i’m going to hide my key in a secret folder.
- Create a file in Rails project root directory that starts with a period (this is called a dotfile). Ex)
.api_key.rb - Add a global variable to this file which will store our API key
3. Find the .gitignore file in the root directory and add the name of the file that holds the api key and add the name of the file to the end of the .gitignore file
4. Now when making an API call with the endpoint, we can use string interpolation to input the hidden API key with the global variable
Next steps…
For my next steps i’m going to try to fetch json data from the API. I’m still struggling with fetching it correctly! I’m currently trying to use the RestClient Gem. If anyone has any tips for me please share!
Happy coding ✌️
