I modified the Google MAps extension to use the HeatMaps API's and create a heatmap based on some data input. It is working well but I have a questions regarding security: in order to make the authentication i changed the metadata.xml file from the extension to include the AppKey that is required for using these APIs.
What happens is that when I run the Mashup, the AppKey shows up in the developer console, which is definitely not secure.As this API usage has a quota, in case the key leaks it can create unwanted billing. It is possible to define which URLs are allowed in the key configuration but I still do not feel comfortable on publishing the AppKey out there.
Does anyone have an idea of how I could secure this information?
Have you checked out the latest videos on how to integrate security into the mashup using Cryptosoft? if you make a search for 'cryptosoft', you will find 6 videos, which may answer your questions. In short, the Cryptosoft extension allows you to encrypt and decrypt any data. Let me know what you think.
Frode, thanks for the response.
From the videos it looks like it is managing the data in/out, but I did not see anything about criptography on the client configuration. My question is not necessarily related to the data itself, but with the extension configuration.
To config it I need to put the app key, that gets exposed in the client when I access the mashup. This is a problem in the extension setup not in the data itself.
Would it apply too?
The Google API keys can also be secured from your Google account console so that it can only be used by certain IP addresses and referrer URLs.