Wrapping a third-party API so no one can see the API-Key and mess around?

shawly · July 27, 2016, 11:55am

So I’m developing a channel for my favorite Anime streaming website, their REST API is secured via an API key I got, the problem with this is, that everyone could easily see that key in the source code of my channel which proposes a risk of getting my key disabled because people could mess around with it…

What would be the best way to secure the API key so nobody else can use it?

dane22 · July 27, 2016, 3:58pm

You can’t.

Even if you hashed it, encrypted it or siml, then during connection to the site, people could grab it with like wireshark.

I strongly suggest instead, that you put the API key into your channel prefs, allowing others using your work, to register their own api key

/T

Topic		Replies	Views
OpenAI API Key Stored in Plaintext (Security Risk) Plex Labs plexamp	1	78	October 16, 2025
Location Public key Dev/API Corner other-dev	1	115	January 8, 2020
obfuscation channel code Dev/API Corner plugin-dev	6	81	December 20, 2019
[REQ] Utilize API keys instead of Plex credentials for future 3rd party add-ons Feature Suggestions	0	56	April 3, 2014
PlexAmp OpenAI API token compromised Plex Labs	5	173	December 4, 2025

Wrapping a third-party API so no one can see the API-Key and mess around?

Related topics