3 posts / 0 new
Last post
API key and API secret protection

The sample code has following definitions:
#define kApiKey @"y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a"
#define kApiSecret @"y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a"
#define kMerchantToken @"fdoa-a480ce8951daa73262734cf102641994c1e55e7cdf4c02b6"

I believe it is not safe to store/define API Key and API secret this way for production app as hacker may find a way to get them. Then what is the recommended approach for production app? please provide instruction as detail as possible and provide reference links to the solution if available?


Re: API key and API secret protection

Agree with that assessment. However, just to be clear, the sample app we've shared was created to showcase the ease of integration with Payeezy; it is not meant as a security implementation guideline. You should certainly adhere to iOS security best practices in securing your Payeezy credentials for your production app, just like you would with credentials for any other publicly accessible service. I would recommend you define an implementation in your app that leverages the iOS Keychain Services API - which is one approach.

Re: API key and API secret protection

If we have apps running on iOS and Android, we will have to take care of them separately. However, if the credentials could be stored on the server and then pass tokenized information to the clients, it could be taken care of in a singular way. That would ease the process of integration and payment.