API 密钥放在哪里?清单中的资源、元数据还是静态变量? [英] Where to put the API key? Resources, Meta-data in Manifest or static variable?
问题描述
我正在尝试找出将 API 的密钥添加到我的 Android 应用程序中的最佳做法.
I'm trying to figure out what is the best practice for adding the API's key into my Android application.
-有些人建议在 Manifest.xml 文件中使用 meta-data - 链接.这让我觉得,最好在 resources 文件中添加密钥.
-Some people recommend to use meta-data in the Manifest.xml file - link. Which made me feel like, it is better that adding the key in the resources files.
<meta-data android:value="key_value" android:name="api_key"></meta-data>
-有人说,添加到resources-link
<string name="api_key">api_key_value</string">
-我们可以简单的将其添加到类代码中
-We can simple add it within the class code
api.configue("api_key_value");
-有些人说在 Manifest.xml 和 resources 文件中添加密钥将允许其他应用程序读取它 - 链接.
-Some people says adding the keys in the Manifest.xml and the resources files will allow the other apps to read it - link.
<string name="foo">bar</string">
我不想找到最好的安全方式,因为对我来说,我会将密钥保存在我的服务器中并在运行时检索它.
I'm not trying to find the best secure way, because for me I would save the Key in my server and retrieve it in the runtime.
我问的是要遵循的最佳方法和最佳实践.
I'm asking about the best approach to follow and the best practice for that.
提前致谢.
推荐答案
我没有听懂这个问题,因为您似乎已经确定了如何处理 API 密钥(在服务器中).
I didn't follow the question, because it seems that you already determined what to do with the API key (in the server).
一篇关于 Android 中可能隐藏的 API 密钥的精彩文章:http://www.androidauthority.com/how-to-hide-your-api-key-in-android-600583/
A great article about the API keys possible hideouts in Android: http://www.androidauthority.com/how-to-hide-your-api-key-in-android-600583/
在您的情况下,由于您要在运行时从服务器检索密钥,我将遵循文章中的#4:API 密钥公钥/私钥交换,但它可以是麻烦.
In your case, since you're going to retrieve the key during runtime from the server, I would follow #4: API key Public/private key exchange from the article, but it can be cumbersome.
另外,我会考虑 NDK 方法(文章中的#3).作为客户端方法,它非常简单.
Also, I would consider the NDK approach (#3 from the article). It's quite simple as a client-side approach.
这篇关于API 密钥放在哪里?清单中的资源、元数据还是静态变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
