I am developing an SDK which users would use to access my service
The authorization is done using an API key, which is unique to each user.
SDK makes API calls to my server using the provided API Key
My question is how do I secure the API Key passed in as a header in the API calls?
Should I encrypt the key while sending it over the network using RSA? But, then there will be two issues:
- Shipping a public key with the SDK
- Overhead of reading keys from file for every API call
Is there a better approach to this?
Go to Source