tags:

views:

648

answers:

4
+4  Q: 

Shared secret with API in an Ajax Adobe AIR app

I'm pretty new to developing AIR apps, so maybe this is a dumb question, but I can't seem to find any answers from google. Any help you can give me is greatly appreciated.

I'm building an AIR app with Ajax using an api that is identical to flickr's Api, with a shared secret key. The problem is that the air installation package contains all the source and I don't want to give away my shared secret. Is there any way to do this? Can I hide some source, or somehow include this shared secret within the app without giving it away?

Thanks for your help.

A: 

First question - does the license allow you write an app and give it to someone else to use with your key, rather than having their own key?

If so, and if this is an AIR-compatible SDK, they should have some method they recommend.

EDIT:

This question describes how flickr provides access to extra resources with a key. If this is an AIR app, are you jumping through the sandbox hoops to provide a simultaneous internet and desktop app?

le dorfier  2008-11-17 03:33:14
+2  A: 

You may want to use EncryptedLocalStore to securely store you API key.

But, you won't be able to distribute it with the application as the store's encryption depends of which OS the application is running on.

A method to seed the store would be, on app's install:

  1. Run installer
  2. Run post-installation scripts as needed.
  3. Check the store. If no key is present, download the key from your website and store it in the ELS.

Using this method, the user will never know your key but it will be present in app's store.

Pierre-Yves Gillier  2008-11-24 10:12:05
How do you get the key in the first time the AIR app is installed on the client? It will be in the code, which apparently the user has according to the asker of the question.
 2008-12-23 12:58:23
Read step 3 above. The app wouldn't ship with the key, but the first time it's run it would connect to it's website and download the key for storage in the ELS.
Bob Somers  2008-12-23 22:15:37
I stand corrected. Thank you.
 2008-12-24 22:43:06
A: 

I would either store the key on the server and retrieve it using SSL (https://) and the flash.net.URLLoader class or store it in the encrypted SQLite database. Obviously the database creates a lot more overhead if you aren't already using it, so I'd go with the first option if you're not going to use the SQLite database now or in the future.

 2008-12-23 12:53:18
A: 

You can use the EncryptedLocalStore like Pierre-Yves Gillier mentioned. There is a method to detect if the application is run from the first time. But I'd go for this method:

Check if the Encryptedlocalstore has the api key and if not grab it from server amd store it.

Vasil  2008-12-23 21:47:27

related questions

How can I build an Adobe Air project with Maven?
Tips, Guides and/or Tutorials on writing a Windows desktop app for a PHP programmer by trade
How do I make a custom Flex component for a gap-fill exercise?
What are the print functions in Adobe AIR ?
How can I detect and invoke a user's local installation of the AIR runtime on a particular AIR application?
How do I unload a externally loaded SWF file from a SWFLoader component in Adobe Flex?
Can I generate a Flex web and Air desktop app from the same source code?
Is there another way to integrate PDF viewing in a Flex application?
How do I protect content in AIR?
Which plaform for a lightweight windows desktop app for internal use to run basic console commands (WPF, AIR, something else)?
E4X : Assigning to root node
Printing in Adobe AIR - Standalone PDF Generation
Best way to implement 1:1 asynchronous callbacks/events in ActionScript 3 / Flex / AIR?
Can the same Adobe AIR app run more than once?
Capturing Cmd-C (or Ctrl-C) keyboard event from modular Flex application in browser or AIR.
Adobe AIR: Handling JSON objects from server
How do I change the title bar icon in Adobe AIR?
Add a shortcut to Startup folder with parameters in Adobe AIR
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Can you access the windows registry from Adobe Air?
Adobe Air - Using multiple SQLite databases at once
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement