cheese1756 Posted March 5, 2014 Report Share Posted March 5, 2014 (edited) I'm currently writing an application with Node.js which uses the BTSync API. Reading through the emailed materials and the Terms of Use, it appears that BitTorrent wants the API key to be kept secret. How do I distribute the application without revealing the API key? How can users use the included config file without seeing the key? And how do I ensure that the key is not revealed when the application itself is open-source? One solution I can think of is to create a closed-source executable binary in a language like Java, C, or Python (using cxfreeze) for each system which serves solely to start the BTSync instance with the config. That doesn't seem ideal, but I am willing to take that route if necessary. Is there another solution? Edited March 5, 2014 by cheese1756 Quote Link to comment Share on other sites More sharing options...
abhibeckert Posted March 17, 2014 Report Share Posted March 17, 2014 Switching to something closed source/compiled will not hide the API key. Anyone who knows what they're doing can extract it Quote Link to comment Share on other sites More sharing options...
Timbo Posted March 18, 2014 Report Share Posted March 18, 2014 Are they expecting to provide their own developer API using the open source? If so, then you can remove yours and have them insert their own. Quote Link to comment Share on other sites More sharing options...
marc321 Posted August 11, 2014 Report Share Posted August 11, 2014 I'm looking to build an updater for a multimedia application (I work for a school). This updater will be responsible to sync video files across multiple computers, which means it must be installed on all of them. Thus, I'm also interested in this question... What can I do to prevent the users from being able to see the API key? Quote Link to comment Share on other sites More sharing options...
RomanZ Posted August 12, 2014 Report Share Posted August 12, 2014 Hi, Please take a glance at my response here. It should address your question. Quote Link to comment Share on other sites More sharing options...
delegatevoid Posted August 13, 2014 Report Share Posted August 13, 2014 Hi, Please take a glance at my response here. It should address your question. Pssssst... it's a dead link Quote Link to comment Share on other sites More sharing options...
GreatMarko Posted August 13, 2014 Report Share Posted August 13, 2014 Pssssst... it's a dead link@delegatevoid / @all - it's not a "dead link" as such, it's just a post that's posted in an area of the forums that not everyone has access to. So for reference, here's the response Roman is referring to: Hi all,Here are some clarifications to the API terms:1. It is allowed to share the API key during the development cycle between developers on that project and is not considered as a Terms violation.2. It is allowed to include the API key in non-compiled programming languages, where including it is needed for their Application to work.3. It is prohibited to include API key to public repositories. When a project is compiled - you can keep the key inside, but other developers who download sources from public repository should not get your key. In order to compile the project they need to get their own API key. Quote Link to comment Share on other sites More sharing options...
RomanZ Posted August 13, 2014 Report Share Posted August 13, 2014 My bad, indeed, it was on closed forums. @GreatMarko - thanks for bringing the clarifications here! Quote Link to comment Share on other sites More sharing options...
marc321 Posted August 16, 2014 Report Share Posted August 16, 2014 Thanks, gentlemen. Quote Link to comment Share on other sites More sharing options...
marc321 Posted September 6, 2014 Report Share Posted September 6, 2014 Out of curiosity, what's the purpose of the API key? Or rather, how is it validated? If it's validation depends on connecting to a main bittorrent.com server, my implementation won't work if I'm using in a LAN-only environment with no external internet access. Any clarification on this is welcome. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.