
API Key security

Posted: Mon Apr 19, 2021 12:39 pm
by jenkinsta
Was reading this https://www.sapien.com/blog/2012/04/30/ ... -packages/
about creds in code.

What I have is an API client and key that I need to secure.

Request-SpecialToken "EXAMPLEID" "EXAMPLEKEY"

Any way to secure that using the ConvertTo-SecureString?

$c = ConvertTo-SecureString "EXAMPLEID" -AsPlainText -Force

Didn't work

Re: API Key security

Posted: Mon Apr 19, 2021 1:12 pm
by jvierra
I think you want to convert the token and not the ID. A token is usually only good for one session so it cannot be persisted and reused. Check the documentation for the API to understand how they use tokens and how to use them.

Re: API Key security

Posted: Mon Apr 19, 2021 1:24 pm
by jenkinsta
It all works fine, just need to obfuscate the clientid and key from reversing the exe. The module I am calling takes those two and validates, then gets the token for later actions.

Re: API Key security

Posted: Mon Apr 19, 2021 4:16 pm
by jvierra
So what is not working? You can't use an encrypted string without decrypting it. In an EXE this would happen automatically if the strings are stored inside the code as a global.
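
An added example, not part of the original thread or anyone's posted code: wrapping a literal in ConvertTo-SecureString -AsPlainText still leaves the plain value inside the packaged script, so this sketch keeps the client ID and key out of the executable by storing them once in a DPAPI-protected file and decrypting them only for the call. The file path and the two helper function names are assumptions; Request-SpecialToken is the poster's command, called with the two positional strings shown in the first post.

```powershell
# Hypothetical storage location (assumption, not from the thread).
$credPath = Join-Path $env:LOCALAPPDATA 'MyApiClient\api-cred.xml'

function Save-ApiCredential {
    # One-time setup: run interactively as the account that will run the script.
    param([string]$Path = $credPath)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
    # UserName carries the client ID, Password carries the API key.
    $cred = Get-Credential -Message 'Client ID as user name, API key as password'
    # On Windows, Export-Clixml encrypts the SecureString with DPAPI,
    # bound to the current user on the current machine.
    $cred | Export-Clixml -Path $Path
}

function Get-ApiCredential {
    param([string]$Path = $credPath)
    if (-not (Test-Path $Path)) {
        throw "No stored credential at $Path. Run Save-ApiCredential first."
    }
    # Fails with a cryptographic error if the file was created by
    # another user or on another machine.
    Import-Clixml -Path $Path
}

$cred = Get-ApiCredential
# The API call needs plain strings, so decrypt as late as possible.
$plainKey = $cred.GetNetworkCredential().Password
try {
    Request-SpecialToken $cred.UserName $plainKey
}
finally {
    # Drops the reference only; the string can stay in memory until collected.
    Remove-Variable plainKey
}
```

This protects the secret from someone who only has a copy of the exe or the file; any process running as the same user on that machine can still decrypt it.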