Hi,
I would like to hear about your opinion. I'm using Services 6.2, XML-RPC and key authentication. I'm calling it from an embedded Flash object. The communication works perfectly. My problem is with the api key and where to store it.
I need the api key in the Flash object when sending the XML-RPC request. I shouldn't hardcode the key in Actionscript, it should stay customizable. I think it's also not a good practice (moreover is a security hole) to provide the key as a flashvar.
I can't think of any other good and secure way to get the api key. (Ok, I can imagine that end users can enter the key value in Flash and store it in the Flash user variables. But I'm pretty sure that end users shouldn't get the key at all. Also looks bad at the user-experience point of view.)
What do you think, how it should be provided?
Thanks,
Peter