Hide and Keep your API key out of GitHub repository

 

Secure your API key

   

When you upload your Android app on GitHub, you need to hide it as no one has access to it except   you. It is considered a security glitch, so that’s why it is important to hide your API key. I am going to show you how you can do that easily.

Some Developers store their API key in a String variable like this.

private static final String APK_KEY = "asjsdakf4d3ggs2ytm4x";
 

It is not good to push your secret things into public repository as other people could use up your limited API calls. That’s probably the least concerning situation. Sharing of API keys becomes more of a concern if the API key authenticates someone for access to a subset of data.

So, let’s see how we can do that. 

1. Create a file called gradle.properties in .gradle folder.

- Drive C
 - Users folder
  - your user folder
   - .gradle folder
   Create it here
   - gradle.properties 
 
Then, write your APPNAME_API_KEY = "asjsdakf4d3ggs2ytm4x" inside it.
Save it as PROPERTIES File by enclosing with double quotes like this "gradle.properties"

 

2. Next step, Go to module level build.gradle file in your project

Then, put your API key for debug and release purposes under buildTypes tree.

buildConfigField ‘String’, “ApiKey”, APPNAME_API_KEY
 

It will be like that

buildTypes {
        debug{
            buildConfigField 'String', "ApiKey", APPNAME_API_KEY
        }
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            buildConfigField 'String', "ApiKey", APPNAME_API_KEY
        }
}

 Sync it

 

3. Last Step, access your APK key in your Java file like that

private static final String API_KEY = BuildConfig.ApiKey;

If ApiKey goes red, press Make Project button or use Ctrl+F9

 

Another Way to do that: 

1. Add the API key to your local.properties file: 

apiKey="Your Key"
 
2. Add these two lines to the root level of your app-level build.gradle file:
 
def localProperties = new Properties()
localProperties.load(new FileInputStream(rootProject.file("local.properties")))

 
3. Add this following line to your app-level build.gradle file:
 
android {
  
  defaultConfig {
      // ...   
   
      buildConfigField "String", "API_KEY",localProperties['apiKey']

  }   
}

4. Sync Gradle and build the project. You can now reference the key:

String apiKey = BuildConfig.API_KEY;

Sounds pretty easy, does it?. Whenever you upload your Android project on GitHub, the person that uses your repository will not be able to figure out what your API key is. Therefore, you are secure NOW.

 

 

    

Comments

Post a Comment

Popular posts from this blog

Build an E-commerce Store App like Souq.com for Android

Image
  Many developers want to know how to create an e-commerce store app, and so am I. Therefore, I have decided to build an E-commerce Store app that looks like souq.com . When I shared it, so many developers liked it and asked me about it, so I decided to write about it and give you an idea about its features. My app is implemented using MVVM Architecture . I have written the Back-end rest API in MySQL and Node.js . It is a clone of Souq.com , but it is not identical. As you know, to build an app like Souq.com , you need to have a big team to collaborate. However, I have made this app myself, and it includes lots of features that you can implement in your app. First of all, the user can sign up for getting a new account if he/she does not have one, or log in to their existing accounts. The app enables them to add other products if they have admin accounts. They can browse products and see details about them like product name, picture, image, price, etc. Besides, the user...
Read more

Android parse JSON Key dynamically

Image
  JavaScript Object Notation   JSON stands for JavaScript Object Notation. It is an independent data exchange format and is the best alternative for XML. As a refresher, there are four main components of a JSON file: JSON array, JSON object, Key, and Value. Usually, we need to get the value of the specified key. But the key is sometimes vital, and you need to get it like some Currency Exchange APIs. In this article, we will know how to parse a key dynamically by tackling two examples. First, Parse the JSON key with the value: In the first example, we need to get the currency code which are the keys.   Parse the JSON key with the value In the above image, the currency codes are inside the red box and the double values beside them are their rates. So, to create our model class for it, you will define a Map of String as a key and double as a value representing currency codes and their rates. @SerializedName( "rates" ) val rates: Map<String, Double>,...
Read more