Sign in to follow this  
cheese1756

Distribute An Application Without Revealing The Api Key

Recommended Posts

I'm currently writing an application with Node.js which uses the BTSync API. Reading through the emailed materials and the Terms of Use, it appears that BitTorrent wants the API key to be kept secret. How do I distribute the application without revealing the API key? How can users use the included config file without seeing the key? And how do I ensure that the key is not revealed when the application itself is open-source?

 

One solution I can think of is to create a closed-source executable binary in a language like Java, C, or Python (using cxfreeze) for each system which serves solely to start the BTSync instance with the config. That doesn't seem ideal, but I am willing to take that route if necessary. Is there another solution?

Edited by cheese1756

Share this post


Link to post
Share on other sites

Are they expecting to provide their own developer API using the open source? If so, then you can remove yours and have them insert their own.

Share this post


Link to post
Share on other sites

I'm looking to build an updater for a multimedia application (I work for a school). This updater will be responsible to sync video files across multiple computers, which means it must be installed on all of them. Thus, I'm also interested in this question... What can I do to prevent the users from being able to see the API key?

Share this post


Link to post
Share on other sites

Pssssst... it's a dead link

@delegatevoid / @all - it's not a "dead link" as such, it's just a post that's posted in an area of the forums that not everyone has access to.

 

So for reference, here's the response Roman is referring to:

 

Hi all,

Here are some clarifications to the API terms:

1. It is allowed to share the API key during the development cycle between developers on that project and is not considered as a Terms violation.

2. It is allowed to include the API key in non-compiled programming languages, where including it is needed for their Application to work.

3. It is prohibited to include API key to public repositories. When a project is compiled - you can keep the key inside, but other developers who download sources from public repository should not get your key. In order to compile the project they need to get their own API key.

Share this post


Link to post
Share on other sites

Out of curiosity, what's the purpose of the API key? Or rather, how is it validated? If it's validation depends on connecting to a main bittorrent.com server, my implementation won't work if I'm using in a LAN-only environment with no external internet access.

 

Any clarification on this is welcome.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this