I've decided to build an extension app for the SoundCloud music service. I'm using their JavaScript API/SDK. As a first step, the application needs to get authorized using two credentials:

// initialize client with app credentials
SC.initialize({
    client_id: '32487239478237941111', // fake 
    redirect_uri: 'fakepage.html'
});

I would like to add this project to my portfolio. At the same time, however, I would like to hide the client_id, since it's my own key from my account that gives the app access. Since I'm not using their back-end API, what are my options for masking this token?

brooklynsweb
  • Obfuscating your scripts(?), unless you're expecting people to look through the source code. :| – Christopher Marshall Jul 28 '15 at 17:21
  • You typically don't need to hide the client_id, but you could always put it in an external config file outside of source control. – Lee Irvine Jul 28 '15 at 17:25
  • I want to avoid anyone making a malicious app that uses a key registered to my account. – brooklynsweb Jul 28 '15 at 17:28
  • @brooklynsweb what kind of project is it? node.js? browserify? – danillouz Jul 28 '15 at 17:31
  • Don't you have to authorize with the SoundCloud API before you can use client IDs? If I could just register new extensions by simply using your client ID and no other form of verification or authorization, then that seems like a failed system. – Brett Jul 28 '15 at 17:38
  • AFAIK, client_id is not a secret and there is no harm if people read it. Maybe this post will throw some more light: http://stackoverflow.com/questions/22266729/google-oauth-keeping-the-client-id-secret – Wand Maker Jul 28 '15 at 17:39
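
Why a copied client_id alone does not let another site receive tokens, as an added example that is not part of the original thread and is not SoundCloud's code: the redirect URI check that OAuth 2.0 (RFC 6749) specifies for an authorization server, written out in JavaScript. The registry, the function name and the URLs are assumptions; the thread does not say how SoundCloud enforces this.

```javascript
// Added example: the registry, function name and URLs are hypothetical.
// Apps as an OAuth 2.0 provider would store them at registration time.
const registeredClients = new Map([
  // Constructed entry; the client_id is the fake one from the question.
  ['32487239478237941111', {
    redirectUris: ['https://portfolio.example/fakepage.html'],
  }],
]);

// Decide whether an authorization request may proceed.
// `redirect: false` means the error is shown to the user on the provider's
// own page and the browser is never sent to the supplied redirect_uri.
function validateAuthorizationRequest(query) {
  const client = registeredClients.get(query.client_id);
  if (!client) {
    return { ok: false, error: 'invalid_request', reason: 'unknown client_id', redirect: false };
  }
  // Exact string match against the registered list: no prefix, substring
  // or host-only comparison.
  if (!client.redirectUris.includes(query.redirect_uri)) {
    return { ok: false, error: 'invalid_request', reason: 'redirect_uri not registered', redirect: false };
  }
  if (!['code', 'token'].includes(query.response_type)) {
    return { ok: false, error: 'unsupported_response_type', redirect: true };
  }
  return { ok: true, redirectTo: query.redirect_uri };
}

// Constructed requests: the registered app, then the same public client_id
// presented with a redirect_uri that was never registered for it.
const genuine = validateAuthorizationRequest({
  client_id: '32487239478237941111',
  redirect_uri: 'https://portfolio.example/fakepage.html',
  response_type: 'token',
});
const copied = validateAuthorizationRequest({
  client_id: '32487239478237941111',
  redirect_uri: 'https://other.example/callback',
  response_type: 'token',
});
console.log(genuine.ok, copied.ok, copied.reason);
```

Under this check the setting to guard is the redirect URI list on the app's registration page, since the client_id ships in the page source either way.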
