iOS: Is there a safe way to include an API key in the code?

Question

Amazon has an AWS SDK for iOS, along with several sample apps. In their samples, they put the API credentials in a Constants.h file:

// Constant         


        

Answer 1

There are a couple of credential management options to help you avoid embedding credentials in your app. The first is Web Identity Federation, which allows users to log in to your app with Facebook, Google, or Login With Amazon. Another option is to use a Token Vending Machine, which is a server component that distributes temporary credentials to your app.

There is a high-level overview with pointers to the relevant documentation and code samples on the AWS Mobile Development Blog: http://mobile.awsblog.com/post/Tx3UKF4SV4V0LV3/Announcing-Web-Identity-Federation