Solved

Should I save google apikey in my client app?

  • 18 September 2023
  • 2 replies
  • 36 views

Userlevel 1
Badge

Hi, by configurating revenuecat I need to trigger following code:
 

configuration = PurchasesConfiguration(googleApiKey)  ..appUserID = userId  ..observerMode = false;

 

I have no experience and no idea if this google-api-key is important or should be privacy, should I hardcode this googleApiKey in my flutter app, or I need to get this from google secret manager via cloud function? But if I get this from cloud function, there is no chance for hacker to get this apikey?

thanks!

icon

Best answer by Michael Fogel 20 September 2023, 19:50

View original

2 replies

Userlevel 4
Badge +6

Hey @x-936719 !

 

We have a useful guide on API Keys and where/how they should be used here. When configuring the SDK, you will need to use the API key associated with the platform that has been detected. So for Android, you would need the Android API key and for iOS you would need the Apple API key. 

 

For this you can use the public API key which can be public. These are not a security risk so you are fine to hardcode this! 

  • Public API keys (also known as App specific keys in the dashboard) are meant to make non-potent changes to subscribers, and must be used to configure the SDK. Each app under a project is automatically provided with a public API key.
Userlevel 1
Badge

Hi thanks for the reply, now I will easily hardcode the key in my app:)

Reply