Where to put the API key? Resources, Meta-data in Manifest or static variable? [duplicate]

Question

I'm trying to figure out what is the best practice for adding the API's key into my Android application.

-Some people recommend to use meta-data in the Manifest.xml file - link. Which made me feel like, it is better that adding the key in the resources files.

<meta-data android:value="key_value" android:name="api_key"></meta-data>

-Some people says, add it into the resources - link

<string name="api_key">api_key_value</string">

-We can simple add it within the class code

api.configue("api_key_value");

-Some people says adding the keys in the Manifest.xml and the resources files will allow the other apps to read it - link.

<string name="foo">bar</string">

I'm not trying to find the best secure way, because for me I would save the Key in my server and retrieve it in the runtime.

I'm asking about the best approach to follow and the best practice for that.

Thanks in advance.

Answer 1

I didn't follow the question, because it seems that you already determined what to do with the API key (in the server).

A great article about the API keys possible hideouts in Android: http://www.androidauthority.com/how-to-hide-your-api-key-in-android-600583/

In your case, since you're going to retrieve the key during runtime from the server, I would follow #4: API key Public/private key exchange from the article, but it can be cumbersome.

Also, I would consider the NDK approach (#3 from the article). It's quite simple as a client-side approach.