3

I am going to make a simple web app. It will only have a few pages at most, and the main focus of the app is making calls to an api and doing stuff with that info.

I want to know what the best way is to keep my api key secure. Are there extremely lightweight frameworks that I can use for this? Should I just create a php page at the root? I could build something with codeigniter, but that seems like it is too much for what I need.

Improve this question

1 Answer 1

Reset to default
4

Keep the API key in a file outside of your web root. Then include that file in any file that will require its use. By placing it outside of the web root it cannot be accessed directly through a web browser or other similar means.

<?php
    // Assuming this file is in the web root
    require('../api_keys.php');
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Right on, this was the simple solution I was looking for. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.