Is it possible to send message to Chrome Extension from Java Desktop Application?

How can I keep an API key secret in Java?

I'm writing a kind-of test desktop application for http://empireavenue.com. Developers register their application and get an application key which is used to make calls to the server. How can I keep the application key a secret? I'm writing my application in Java (and might make a chrome extension), and both of these can be easily decompiled to source, and the key exposed. How do developers keep information like this private from users?
Answer:

This is a common problem for all uses of API keys. Even when used with natively compiled languages, it is relatively straightforward to capture an API key because the user is free to set up his certificate trust chain to approve a local man-in-the-middle HTTPS sniffer. The best one can do is to obfuscate the key so that it is not readily visible to anyone who isn't looking for it (if they are looking for it, there's nothing you can do anyway). This usually involves either a simple cipher function, or just passing it through a convenient encryption library with a static or machine-dependent key. Another thing some people do is to pass all API authentication through their own proxy server. Then you can essentially issue your own API keys, dynamically giving out different keys to different users to track abuses and revoke keys as necessary. Your server is the only one that knows the real API key, so if any key needs to be revoked, you don't have to update every user, and you don't need to get a new API key from the upstream API provider.

Was this solution helpful to you?

Other answers

Another option to avoid giving the API key to a proxy is to ensure a strict certificate check on the SSL server. The developer could capture a copy of the certificate data. The drawback is this needs manual intervention if and when the API provider changes their SSL certificate.

Miguel Paraz

Hello Amit,You will get your API secret or API Access_Token during Login or Registration response. When you post your request of Login and Registration, in response it will provide Access Token or API Secret.String access_token = loginResponse.getData().getAccessToken();String apiSecret = configurationResponse.getData().getCloudinary().getApiSecret();Steps to store response data :-https://keshavtechinfo.wordpress.com/api-testing/api-automation/ and get their responseOnce you will get the response convert it into models using http://www.jsonschema2pojo.org/Create the object of response class and store the desired value from it.To Automate an API and validate their response you will go through https://keshavtechinfo.wordpress.com/api-testing/api-automation/ Link.

Keshav Kashyap

Related Q & A:

How can I keep my car clean?Best solution by Yahoo! Answers
How can I keep myself from sweating so much?Best solution by Yahoo! Answers
How can I keep the old My Yahoo page?Best solution by Yahoo! Answers
How can I keep track of receipts better?Best solution by Quora
How can I fix my delete key in VIM over ssh?Best solution by Stack Overflow

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.