The sample code has following definitions:
#define kApiKey @"y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a"
#define kApiSecret @"y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a"
#define kMerchantToken @"fdoa-a480ce8951daa73262734cf102641994c1e55e7cdf4c02b6"
I believe it is not safe to store/define API Key and API secret this way for production app as hacker may find a way to get them. Then what is the recommended approach for production app? please provide instruction as detail as possible and provide reference links to the solution if available?