I am making an application in flutter and I am using a payment gateway, specifically the MercadoPago SDK. This SDK needs a series of keys for its correct operation but i use them in the following class saved in Strings to use them in the application:
This is my globals.dart
library my_prj.globals;
String mpTESTPublicKey = "TEST-ABCDEFG";
String mpTESTAccessToken = "TEST-HIJKLM";
String mpPublicKey = "APP_USR-123456";
String mpAccessToken = "APP_USR-78910";
String mpClientID = "1234566789";
String mpClientSecret = "A1B2C3D4E5";
I find myself using these keys as follows in the application:
Future<Map<String, dynamic>> buildPreference() async {
var email = common.email;
var name = common.displayName;
var mp = MP(globals.mpClientID, globals.mpClientSecret); //Client secret ID
var preference = {
"items": [
{
'title': common.title,
'quantity': 1,
'currency_id': 'COP',
'unit_price': common.price
}
],
'payer': {'name': name, 'email': email},
};
var result = await mp.createPreference(preference);
return result;
}
Future<void> executeMercadoPago() async {
buildPreference().then((result) {
if (result != null) {
var preferenceId = result['response']['id'];
try {
const channelMercadoPago =
const MethodChannel("example.com/mercadoPago");
final response = channelMercadoPago.invokeMethod(
'mercadoPago', <String, dynamic>{
"publicKey": globals.mpTESTPublicKey, //Public test key
"preferenceId": preferenceId
});
print(response);
} on PlatformException catch (e) {
print(e.message);
}
}
});
}
However, researching I found that when releasing the application, it is possible for people to have access to the code and information of these keys, for this I would like to know if there is any way to use this information within the application with full security.
I have thought of encrypting these Strings, however, I do not know if this encryption can be accessed and then they can easily decrypt it.
