Forums

Start a new topic

iink SDK Web

How to ensure that key is not stolen by others

How to ensure that key is not stolen by others

7 CommentsSorted by Oldest First

Dear Tom,


thank you for your question.


Currently, if using an hmac key, your key will not be visible :https://developer.myscript.com/docs/interactive-ink/1.3/web/rest/architecture/#credentials


We then recommend you proceed this way.


Best regards,


Olivier

if using an hmac key,  my hmac  key will stolen by others,Is that right?

Dear Tom,


as explained in our documentation, using thecomputeHMAC will encrypt your keys. Therefore, there is nearly no risks your keys are stolen.


Best regards,


Olivier

Dear Tom,


I also recommend you refer to the "Being prodcution ready" part of the documentation: "https://developer.myscript.com/support/account/being-production-ready/"


You can for example use referer filters.


Best regards,


Olivier

thank you.

Can my encryption key be used by others?

Hackers get our web source code through the browser, you can get the application key and hmac key directly, how to prevent this from happening?

Dear Tom,


currently, we recommend you proceed as follows:

-First, you have your own server, which receives all the requests from your application. Let's say the URL of your server is MYSERVERURL.com

-Then, on the cloud dashboard you have on our CDK, you shall create a referer filter:

-Login to the https://cloud.myscript.com

-Go to "Applications"

-Select the application you want to apply the referer filter

-Open it

-Go to the bottom of the page

-Select "Create application filter"

-For the filter type, select "Referer" and in the "Value" field, set MYSERVERURL.com


=>This way, any request coming from any other URL than MYSERVERURL.com will be rejected.


Best regards,


Olivier