iink SDK Web

How to prevent exposing application and hmac keys with iink?

Hi MyScript,

I am looking forward to integrating MyScript into my project, and when investigating the iink library, I wonder is there any method of using the library while preventing exposing the application and hmac keys. Because I notice that all relevant examples have these keys directly placed in the `register` call, which can have security implications. 

Can I use the iink library while keeping these keys on my server? I am thinking of something like having all the API calls made by the library signed by the server first, and then sent to MyScript, but I haven't found any tutorials on this. 

Thank you


1 Comment

Hi Daniel,

Thank you for your question.

The HMAC key requires the use of a function to obtain the hidden HMAC value to be sent. For further details you can refer to:


In addition, you can secure your application by adding filters  based on IP address or Referer:


Best regards,


Login or Signup to post a comment