Shared Secret With API In An Ajax Adobe AIR App

I'm pretty new to developing AIR apps, so maybe this is a dumb question, but I can't seem to find any answers from google. Any help you can give me is greatly appreciated. I'm buil

Solution 1:

You may want to use EncryptedLocalStore to securely store you API key.

But, you won't be able to distribute it with the application as the store's encryption depends of which OS the application is running on.

A method to seed the store would be, on app's install:

1. Run installer
2. Run post-installation scripts as needed.
3. Check the store. If no key is present, download the key from your website and store it in the ELS.

Using this method, the user will never know your key but it will be present in app's store.

Solution 2:

First question - does the license allow you write an app and give it to someone else to use with your key, rather than having their own key?

If so, and if this is an AIR-compatible SDK, they should have some method they recommend.

EDIT:

This question describes how flickr provides access to extra resources with a key. If this is an AIR app, are you jumping through the sandbox hoops to provide a simultaneous internet and desktop app?

Solution 3:

I would either store the key on the server and retrieve it using SSL (https://) and the flash.net.URLLoader class or store it in the encrypted SQLite database. Obviously the database creates a lot more overhead if you aren't already using it, so I'd go with the first option if you're not going to use the SQLite database now or in the future.

Solution 4:

You can use the EncryptedLocalStore like Pierre-Yves Gillier mentioned. There is a method to detect if the application is run from the first time. But I'd go for this method:

Check if the Encryptedlocalstore has the api key and if not grab it from server amd store it.