Is it best practice to put "secure key" as part of the android code and generate apk for distribution. I make some rest calls inside my app, where "secret key" to call external services are passed as part of the HTTP headers.Is that a good practice? Will there be a chance of running my apk for eg on emulator and intercept rest calls,there by gaining access to the secret key am passing?
Asked
Active
Viewed 88 times
0
-
what exactly u want put some example – Kevan Aghera Jun 14 '17 at 09:19
-
For example I need to make a rest call to fetch data and show on the screen. The rest api is publised by third party vendor, who provides us a secret key to call their API, which is unique to us. That key we need to set it in each request header. I am currently defining the key in constant file and setting it in header directly in Spring Rest api calls. Is that a good practice. Will there be a way someone can intercept and get the key ,if tried to hack.? – sudharsan tk Jun 14 '17 at 09:38
-
i think you have config file for configuration a API? right? – Kevan Aghera Jun 14 '17 at 09:42