Dear Tom,
thank you for your question.
Currently, if using an hmac key, your key will not be visible :https://developer.myscript.com/docs/interactive-ink/1.3/web/rest/architecture/#credentials
We then recommend you proceed this way.
Best regards,
Olivier
if using an hmac key, my hmac key will stolen by others,Is that right?
Dear Tom,
as explained in our documentation, using thecomputeHMAC
will encrypt your keys. Therefore, there is nearly no risks your keys are stolen.
Best regards,
Olivier
Dear Tom,
I also recommend you refer to the "Being prodcution ready" part of the documentation: "https://developer.myscript.com/support/account/being-production-ready/"
You can for example use referer filters.
Best regards,
Olivier
thank you.
Can my encryption key be used by others?
Hackers get our web source code through the browser, you can get the application key and hmac key directly, how to prevent this from happening?
Dear Tom,
currently, we recommend you proceed as follows:
-First, you have your own server, which receives all the requests from your application. Let's say the URL of your server is MYSERVERURL.com
-Then, on the cloud dashboard you have on our CDK, you shall create a referer filter:
-Login to the https://cloud.myscript.com
-Go to "Applications"
-Select the application you want to apply the referer filter
-Open it
-Go to the bottom of the page
-Select "Create application filter"
-For the filter type, select "Referer" and in the "Value" field, set MYSERVERURL.com
=>This way, any request coming from any other URL than MYSERVERURL.com will be rejected.
Best regards,
Olivier
Tom Pang
How to ensure that key is not stolen by others