API密钥放在哪里?资源，清单中的元数据还是静态变量? [英] Where to put the API key? Resources, Meta-data in Manifest or static variable?

问题描述

我正在尝试找出将API密钥添加到我的Android应用程序中的最佳做法.

I'm trying to figure out what is the best practice for adding the API's key into my Android application.

-有人建议在Manifest.xml文件中使用meta-data-链接.这让我感觉最好在resources文件中添加密钥.

-Some people recommend to use meta-data in the Manifest.xml file - link. Which made me feel like, it is better that adding the key in the resources files.

<meta-data android:value="key_value" android:name="api_key"></meta-data>

-有人说，将其添加到resources-链接

-Some people says, add it into the resources - link

<string name="api_key">api_key_value</string">

-我们可以在类代码中简单地添加它

-We can simple add it within the class code

api.configue("api_key_value");

-有人说在Manifest.xml和resources文件中添加密钥将允许其他应用读取它-链接.

-Some people says adding the keys in the Manifest.xml and the resources files will allow the other apps to read it - link.

<string name="foo">bar</string">

我并没有试图找到最佳的安全方式，因为对于我来说，我会将密钥保存在服务器中并在运行时检索它.

I'm not trying to find the best secure way, because for me I would save the Key in my server and retrieve it in the runtime.

我要问的是最佳的遵循方法和最佳实践.

I'm asking about the best approach to follow and the best practice for that.

谢谢.

推荐答案

我没有关注这个问题，因为似乎您已经确定要使用API​​密钥(在服务器中)做什么.

I didn't follow the question, because it seems that you already determined what to do with the API key (in the server).

关于Android中可能存在的API密钥隐藏的一篇很棒的文章: http://www.androidauthority.com/如何在Android 600583中隐藏您的API密钥/

A great article about the API keys possible hideouts in Android: http://www.androidauthority.com/how-to-hide-your-api-key-in-android-600583/

在您的情况下，由于您将在运行时从服务器检索密钥，因此我将按照文章中的#4:API密钥公共/专用密钥交换进行操作，但可以麻烦的

In your case, since you're going to retrieve the key during runtime from the server, I would follow #4: API key Public/private key exchange from the article, but it can be cumbersome.

此外，我会考虑使用NDK方法(文章中的#3 ).作为客户端方法，这非常简单.

Also, I would consider the NDK approach (#3 from the article). It's quite simple as a client-side approach.

这篇关于API密钥放在哪里?资源，清单中的元数据还是静态变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！