API key persistence #123

jonathan-sachs opened this Issue Sep 18, 2013 · 2 comments


None yet
3 participants

Is there a way to specify the value of an API key so that the user does not have to re-enter it each time she displays an API? For example, by telling IODocs to store it in a cookie? Without this she must re-enter it each time she uses IODocs with a given API, which is a major nuisance.


AlekSi commented Mar 19, 2014



mansilladev commented Mar 25, 2014

Typically, it is not recommended to store an API key in a cookie for reasons for security. One way that this could be done is to just exchange the session ID that is stored as a cookie with a value stored in Redis, and populate it server side. It's not much more secure, I'm sure you're thinking, but it is, in the sense, that it's not sitting in plain view in a browser's cookie jar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment