API key persistence #123

Open
jonathan-sachs opened this Issue Sep 18, 2013 · 2 comments

Comments

Projects
None yet
3 participants

Is there a way to specify the value of an API key so that the user does not have to re-enter it each time she displays an API? For example, by telling IODocs to store it in a cookie? Without this she must re-enter it each time she uses IODocs with a given API, which is a major nuisance.

Contributor

AlekSi commented Mar 19, 2014

👍

Contributor

mansilladev commented Mar 25, 2014

Typically, it is not recommended to store an API key in a cookie for reasons for security. One way that this could be done is to just exchange the session ID that is stored as a cookie with a value stored in Redis, and populate it server side. It's not much more secure, I'm sure you're thinking, but it is, in the sense, that it's not sitting in plain view in a browser's cookie jar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment