I've written several scripts that make use of the gdata API, and they all (obviously) have my API key and client ID in plain-text. How am I supposed to distribute these?
+2
A:
Move the variables into a separate module and replace your values with dummy values. Make sure you trap for an invalid key and provide instructions on how to obtain a key and where to place it. In your code you can just import the values from that module.
import gdata_api_key
print gdata_api_key.key_value
Sam Corder
2009-02-04 23:16:32
Beat me to it *sigh* +1.
Aaron Maenpaa
2009-02-04 23:18:48
requiring users to go get an api key seems like a good way to not get any users
Dustin Getz
2009-11-08 19:52:49
A:
If we assume that you want clients to use their own keys I'd recommend putting them in a configuration file which defaults to an (invalid) sentinel value.
If on the other hand you want the script to use your key the best you can do is obfuscate it. After all, if your program can read it then an attacker (with a debugger) can read it too.
Aaron Maenpaa
2009-02-04 23:18:05