I am looking forward to integrating MyScript into my project, and when investigating the iink library, I wonder is there any method of using the library while preventing exposing the application and hmac keys. Because I notice that all relevant examples have these keys directly placed in the `register` call, which can have security implications.
Can I use the iink library while keeping these keys on my server? I am thinking of something like having all the API calls made by the library signed by the server first, and then sent to MyScript, but I haven't found any tutorials on this.
Thank you for your question.
The HMAC key requires the use of a function to obtain the hidden HMAC value to be sent. For further details you can refer to:
In addition, you can secure your application by adding filters based on IP address or Referer: