wes

wes

What is the best way to protect your API secret if you access the vimeo API within a script designed to be downloaded and used by anyone? For instance, if I was to access the API with a python script, how would I go about doing this without exposing my API secret?

I had an implementation working which used a pyc binary to generate an api sig based on user input for whatever API function I was calling. It works fine until someone figures out they can easily steal the API secret by using freely available python decompilers. Also, I think a python binary only works with the exact version of python it was compiled with.

What should I do?

Brad Dougherty

Brad Dougherty Staff

Don't include an API key at all. Anyone that downloads the script should be able to put their own key and secret into the code.

wes

wes

Didn't consider that. I guess it wouldn't be that big of a hassle to direct users to sign up for an API key

This conversation is missing your voice. Please join Vimeo or log in.