I need to authenticate securely to a third-party site for an SSL REST API call. I have the API call part working, but I want to save the third-party credentials in my App Engine datastore, or maybe somewhere else? I have no idea how I'm supposed to do this.
The SSL call looks like:
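```python
import base64
import urllib2

# username, password, accounts_url and user_agent are defined elsewhere in the app.
# b64encode never inserts line breaks, so no trailing newline needs stripping.
credentials = base64.b64encode('%s:%s' % (username, password))
request = urllib2.Request(accounts_url)
request.add_header("User-Agent", user_agent)
request.add_header("Authorization", "Basic %s" % credentials)  # base64 is encoding, not encryption
stream = urllib2.urlopen(request)
response = stream.read()
stream.close()
```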
which means my app unfortunately needs to know the plaintext password. It doesn't make sense to me to AES-encrypt it (not a hash--reversible) because the decryption key would also need to be known by my app, so if my app is compromised, no real security over storing plaintext was added.
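Added example, not part of the original question: line-wrapping base64 helpers (`encodestring` in Python 2, `encodebytes` in Python 3) emit a newline after every 76 output characters, so stripping only the last character leaves a newline inside the `Authorization` value once `username:password` exceeds 57 bytes. The Python 3 sketch below shows that next to a builder based on `b64encode`; the function names are hypothetical and the URL and credentials are constructed sample values.

```python
import base64
import urllib.request


def basic_auth_value(username, password):
    """Return the Authorization header value for HTTP Basic auth (RFC 7617)."""
    if ":" in username:
        # The first ':' separates user-id from password, so the user-id cannot contain one.
        raise ValueError("username must not contain ':'")
    raw = ("%s:%s" % (username, password)).encode("utf-8")
    if any(b < 0x20 or b == 0x7F for b in raw):
        raise ValueError("control characters are not allowed in credentials")
    # b64encode never inserts line breaks, whatever the input length.
    return "Basic " + base64.b64encode(raw).decode("ascii")


def wrapped_auth_value(username, password):
    """Same header built with a line-wrapping encoder and the [:-1] idiom."""
    raw = ("%s:%s" % (username, password)).encode("utf-8")
    # encodebytes wraps every 57 input bytes; [:-1] removes only the final newline.
    return "Basic " + base64.encodebytes(raw)[:-1].decode("ascii")


def build_request(url, user_agent, username, password):
    """Build (but do not send) a request carrying the Basic credentials."""
    request = urllib.request.Request(url)
    request.add_header("User-Agent", user_agent)
    request.add_header("Authorization", basic_auth_value(username, password))
    return request


# Constructed sample values (not real credentials or endpoints).
URL = "https://api.example.invalid/accounts"
SHORT = ("Aladdin", "open sesame")                        # 19 bytes: no wrapping
LONG = ("service-account@example.invalid", "x" * 48)      # 80 bytes: wraps once

if __name__ == "__main__":
    print(repr(wrapped_auth_value(*SHORT)))   # identical to the b64encode form
    print(repr(wrapped_auth_value(*LONG)))    # contains an embedded newline
    print(repr(basic_auth_value(*LONG)))      # single line
    print(build_request(URL, "example-agent/1.0", *SHORT).get_header("Authorization"))
```
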