Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the role of app key and secret key in every SDK

Tags:

android

authentication

web-services

sdk

token

I am building SDK in which I require to take app id and app secret key from app which will integrate my android SDK.

I see every SDK is using this concept app id and secret key. I don't know what is the use of this ? How this make system secure ?

Can anyone help me on this topic.

like image 629
N Sharma Avatar asked Jun 16 '15 18:06

N Sharma

1 Answers

App ID and secret key are two different things. Let me try to address both separately and then tie them together.

App ID

App ID is simply a unique identification label for an app. This is to avoid overlaps in the App Store and on your device. If two apps have the same App ID, one can be installed on top of the other, effectively erasing the old one, and maybe hijacking your data. App ID is only the first step to SECURITY. To ensure there is absolutely no way of the above scenario happening, we use the secret key.

Secret Key

The secret key is a security implementation, usually for asymmetric encryption. Let's take a look at Wikipedia's definition of asymmetric encryption:

Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.

The secret key is part of a pair of keys, the other being the public key. The public key, as the name suggests, is openly available to the public. The secret key should ideally be available only to one person.

The pair of keys are used to open a lock, in your case to 'unlock' apps. Each app has a unique asymmetric lock. An asymmetric lock is either locked with a secret key, and opened with the public key, or vice versa. The purpose is IDENTIFICATION. Only one person can have the secret key. So any app by this person, we know is definitely from that person and not some hacker/doubious source. That is why the secret key is important.

Hence, these two concepts work hand-in-hand to bring you better security. When you use APIs, you sometimes do not need the secret key, but only the app ID so the main service you are using APIs for knows which exact product you are using.

like image 160
bunbun Avatar answered Nov 15 '22 14:11

bunbun
Sign in to Comment

Related questions

fb://profile/{userid} seems to be not working
Object Sharing Between Activities in Android
ViewHolder ArrayIndexOutOfBoundsException: length=2; index=2
Android reading external storage gives securityException
Is it possible to integrate Dagger and AspectJ in an Android Studio project?
How to recreate previous activity?
Cannot resolve symbol 'GooglePlayServicesClient'
Change Tab Programmatically with SlidingTabLayout
ActionBarDrawerToggle cannot be applied to Android.support.v7.widget.Toolbar
In Android Studio, how do you configure gradle to automatically replace AdMob's AdUnitId when creating signed release APKs
Android date/time wheel picker
How to Disable drawer in fragment and back back to correct fragment
How to set increment value for Y axis in MPAndroidChart
Set initial background color before loading
Android studio git message: following untracked working tree files would be overwritten by merge, but not showing which files
PopupMenu is not positioned properly inside RecyclerView
what is the difference between getTop and getY
How to decrease radio button drawable size?
Update static variables in java
LibGDX's TexturePacker with gradle

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!