How to ensure that key is not stolen by others
thank you for your question.
Currently, if using an hmac key, your key will not be visible :https://developer.myscript.com/docs/interactive-ink/1.3/web/rest/architecture/#credentials
We then recommend you proceed this way.
if using an hmac key, my hmac key will stolen by others,Is that right?
as explained in our documentation, using the
computeHMAC will encrypt your keys. Therefore, there is nearly no risks your keys are stolen.
I also recommend you refer to the "Being prodcution ready" part of the documentation: "https://developer.myscript.com/support/account/being-production-ready/"
You can for example use referer filters.
Can my encryption key be used by others?
Hackers get our web source code through the browser, you can get the application key and hmac key directly, how to prevent this from happening?
currently, we recommend you proceed as follows:
-First, you have your own server, which receives all the requests from your application. Let's say the URL of your server is MYSERVERURL.com
-Then, on the cloud dashboard you have on our CDK, you shall create a referer filter:
-Login to the https://cloud.myscript.com
-Go to "Applications"
-Select the application you want to apply the referer filter
-Go to the bottom of the page
-Select "Create application filter"
-For the filter type, select "Referer" and in the "Value" field, set MYSERVERURL.com
=>This way, any request coming from any other URL than MYSERVERURL.com will be rejected.