Keeping your api pair out of source code
This tutorial gives you some guidance on how to keep you api key and pair outside of your source code, so when you generate them it does not cause you headache.
As we mentioned in our tutorial about getting the api key and api secret you have a limited number of requests that you can make against our football API. It poses a danger to you if someone finds out your API pair. This could lead to somebody else using your quota. Therefore, it is a good idea to keep your pair safe and regenerate it from time to time. However, if the api key and api secret are in the source code base, this could create potential problems when changing your api pair. Therefore, we advise in keeping the pair outside of your source codebase. There are two ways in which you can do that. The first option is a configuration file, and the second option is a database table.
Tons of applications use configuration files to set some system wide variables outside of the code base. An example of this will be
.ini file. You can read more about this kind of files in wikipedia. Below follows an example of
.ini file with our api key and secret pair written in.
Most modern programming languages have support for parsing and extracting data from
LIVESCORE_API_KEY = demo_key LIVESCORE_API_SECRET = demo_secret
.inifiles. An example of this kind of language is PHP. We have listed an example of a PHP code that will give you the api key and api secret in variables in your PHP code.
When you place the configuration in a separate file, you should make sure that this file does not end up in the source code version management repository. This may expose it to others if your repository is public. In the case of GIT you can put the filename in the
$ini = parse_ini_file('path_to_ini_file'); // Will parse the contents of the ini file in the array var_dump($ini['LIVESCORE_API_KEY']); // Will output the api key var_dump($ini['LIVESCORE_API_SECRET']); // Will output the api secret
.gitignorefile so it does not get picked up when you do commits and pushes. In case you are making a web application accessible through a network, it might be a good idea to protect the file with access rights or forbidding it in the
.htaccessfile. This will prevent people from opening it in their browsers.
In a case where your project runs with a database, and your source code has access to it. You can create a configuration table where a configuration key name is associated with a value. This way when changing your api key and api secret you will have to update the records in the database without touching the source.
Always when you change your api key or api secret, verify them against the specific api endpoint: In this example, we have used the demo api key and secret pair. If you login in, you will see all examples with your own api key and api secret You can copy this example code by clicking the file_copy button.