发表新帖
发表新帖

Correct way of storing API Keys in flutter following best practises

前端 未结
关注
4 1183
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-23 14:36

Which is the correct way(best practice) of adding secret API keys in flutter in case I want to push the code on github. I\'ve made a simple app that consumes an API b

相关标签:
4条回答
  • 太阳男子
    2020-12-23 15:06

    Edit: Look at J. Saw's comment below

    Use Firebase Remote Config. Inside the Firebase console, inside the menu, scroll down to Grow and then Remote Config. Here you can add a parameter with a value. When you're done don't forget to publish the changes. It's kind of subtle.

    Now install firebase_remote_config for Flutter.

    After importing everything, you can retrieve your value using this code:

    RemoteConfig remoteConfig = await RemoteConfig.instance;
await remoteConfig.fetch(expiration: Duration(hours: 1));
await remoteConfig.activateFetched();

remoteConfig.getValue('key').asString();

    This way, the API key or token is never part of your application.

    Note: there is currently an issue where you get a warning stating the application's name is not set, but this won't affect functionality.

    0 讨论(0)
  • 长情又很酷
    2020-12-23 15:07

    As mentioned, if the key is a secrete and you would like to protect it then simply do not put it in the client app. The app can be de-compiled and the key can be extracted for person willing to target your client.

    I would delegate the task of communicating with this API to your Application Server. You can put the key in your server and have your server communicate with this external API and relay the response to the client.

    Edit: Another approach, which is less secure but more convenient is to obfuscate your code using something like proguard. See this page for flutter instruction on android app: https://flutter.io/android-release/

    0 讨论(0)
  • 太阳男子
    2020-12-23 15:08

    For secure storage you have to rely on the corresponding native platforms, both iOs and Android provide a mechanism to securely store keys. You can implement it by yourself and use the flutter channels to obtain and store the keys. Information about this mechanism can be read here:

    Android Keystore

    iOs KeyChain

    Also, you can use this flutter plugin, which uses the services mentioned above and provides a dart object to access the secure storage.

    0 讨论(0)
  • 南方客
    2020-12-23 15:09

    You can use flutter_secure_storage from the oficial Flutter Packages

    0 讨论(0)
 看不清?
提交回复
热议问题