It is currently October 15th, 2024, 10:35 am

Using APIs and authentication keys

Get help with creating, editing & fixing problems with skins
User avatar
Hazrd
Posts: 66
Joined: August 26th, 2024, 7:59 am
Location: Malaysia

Using APIs and authentication keys

Post by Hazrd »

So, I've gotten to creating a weather skin. I found an API I like and have created an auth key (API key). However, it's just dawned upon me that, if I were to publically release this skin (which I do along with a pack of lots of other skins :sly:), the auth key would be visible to anyone. If I start hitting the API call limits I do plan on requiring users to input they're on keys which they can obtain with a simple login on the API's dashboard (I'm aware that it'd be way better to just pay for a plan but I'm 16, dont have a job or bank account, and want to make quality rainmeter skins :confused:).

So for now, I was wondering if there was a way I could hide my key? I already looked through the dashboard of the API im using and there doesnt seem to be a way I could do this from that end.

The API in question is: https://www.weatherapi.com/
This is their docs: https://www.weatherapi.com/docs

A request URL would look something like this

Code: Select all

https://api.weatherapi.com/v1/current.xml?key=AUTHKEY&q=QUERY
The query param has a number of options, but im using auto:ip which automatically detects your location (it's accurate for the most part. or it is for me at least :confused:).

A solution would be much appreciated! :)
User avatar
Yincognito
Rainmeter Sage
Posts: 8469
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: Using APIs and authentication keys

Post by Yincognito »

Hazrd wrote: September 5th, 2024, 7:36 am So for now, I was wondering if there was a way I could hide my key?
Anything in a skin is transparent, either visually or by looking at the code. So the short answer is no.

That being said, you could regex unscramble a scrambled string to use the real key and not directly display the real key to the regular user, but that won't work with more advanced users, who could reverse engineer your code or simply use a network connection monitor to find out the URL Rainmeter connected to.

The safest possibility here is to advise your users to get their own keys and keep yours entirely out of the released skin package.
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth
User avatar
Hazrd
Posts: 66
Joined: August 26th, 2024, 7:59 am
Location: Malaysia

Re: Using APIs and authentication keys

Post by Hazrd »

Yincognito wrote: September 5th, 2024, 8:33 am The safest possibility here is to advise your users to get their own keys and keep yours entirely out of the released skin package.
So, I have thought about just doing that. But, I was worried about the users who... let's just say aren't the best with "understanding instructions".. :?.
Although, this seems to be the best and safest solution. Having users provide their own key would almost completely elimate the issue of the API call limit running out (1 million calls per month on the free plan per account). I was planning to create documentation on some of my skins using Astro Docs hosted on cloudflare pages. I could link to that somewhere perhaps. Thanks anways! :thumbup:
User avatar
Yincognito
Rainmeter Sage
Posts: 8469
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: Using APIs and authentication keys

Post by Yincognito »

Hazrd wrote: September 5th, 2024, 8:38 am So, I have thought about just doing that. But, I was worried about the users who... let's just say aren't the best with "understanding instructions".. :?.
Although, this seems to be the best and safest solution. Having users provide their own key would almost completely elimate the issue of the API call limit running out (1 million calls per month on the free plan per account). I was planning to create documentation on some of my skins using Astro Docs hosted on cloudflare pages. I could link to that somewhere perhaps. Thanks anways! :thumbup:
No problem, you're welcome! Some users having trouble understanding instructions will always exist. You can't do anything about it, the culprit can be the instructions, the users or both. As long as you do your part and make them explicit enough to be understood by most, there's no need to worry about anything else - after all, it's you doing them a favor and sharing the result of your work, the rest is up to them. ;-)
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth