I am developing an open source Python-powered Twitter client, and to access the Twitter API and login using OAuth, I have registered my client with Twitter and they have given me a unique consumer key and consumer token (henceforth to be referred to as "developer key"). These are unique to my client, and all copies of my client have to use the same developer key. Now, I have to use the developer key in a Python script (main.py) and since it is a script, there is no binary. Also, I have to upload my code to GitHub since I am using git on GitHub for content tracking. How do I keep my developer key secret? Please keep in mind that I plan to distribute the same client to users.
A keyring seems the best option, but I want a way that only the application can access the keyring, not even its users (outside the application). And nobody should be able to figure out how to access the keyring by looking at my code.
Note: "To use the Twitter API, the first thing you have to do is register a client application. Each client application you register will be provisioned a consumer key and secret. This key and secret scheme is similar to the public and private keys used in protocols such as ssh for those who are familiar. This key and secret will be used, in conjunction with an OAuth library in your programming language of choice, to sign every request you make to the API. It is through this signing process that we trust that the traffic that identifies itself is you is in fact you." - http://dev.twitter.com/pages/auth
A CARTO API Key is physically a token/code of 12+ random alphanumeric characters. You can pass in the API Key to our APIs either by using the HTTP Basic authentication header or by sending an api_key parameter via the query string or request body. If you use our client library CARTO.
You can use OAuth.io for this purpose.
The concept is simple:
Your secret key won't be leaked in this way.
Check this blogpost using Twitter API with OAuth.io: http://blog.oauth.io/api-call-using-twitter-api/
The complete sample code (in JavaScript) is on JSFiddle: http://jsfiddle.net/thyb/kZExJ/5
    $('button').click(function() {
        OAuth.initialize('oEcDIQahkO4TUAND-yTs-H6oY_M'); // OAuth.io public key
        OAuth.popup('twitter', function(err, res) {
            // Stop if the popup was closed or authorization failed
            if (err) {
                console.error(err);
                return;
            }
            // res contains tokens (res.oauth_token and res.oauth_token_secret)
            res.get('/1.1/statuses/home_timeline.json').done(function(data) {
                // do what you want with data
            });
        });
    });