How should I handle API keys in a mobile application?

You shouldn’t store API keys in mobile applications. There are tools to extract data from mobile apps, so you should never hardcode any sensitive information. Additionally, your users might not update your application as often as you’d want. If you ever need to rotate an API key that you use in your mobile app, it will stop working for all users who don’t update.

Instead, we recommend fetching them dynamically from your application’s back end. There are many ways to do so, and the right one depends on the specifics of your back end. You can find plenty of resources online, but here are some examples:
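One way a back end can hand out keys, as an added example that is not part of the original page: once the app has authenticated, the server derives a short-lived signed key from a secret that never ships in the app, so rotating that secret requires no app update. The session table, secrets and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values: in a real back end these come from a secret store
# and a session database, and never ship inside the app binary.
SERVER_SECRETS = [b"constructed-secret-one"]
SESSIONS = {"session-abc": "user-42"}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(secret, payload):
    return _b64(hmac.new(secret, payload.encode(), hashlib.sha256).digest())


def issue_client_key(session_token, ttl=300, now=None):
    """Body of the hypothetical endpoint the app calls after login."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise PermissionError("unknown session")
    now = time.time() if now is None else now
    claims = {"sub": user, "exp": int(now) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(SERVER_SECRETS[0], payload)


def verify_client_key(key, now=None):
    """Return the user id for an authentic, unexpired key."""
    payload, _, sig = key.partition(".")
    # Check the signature before parsing anything the client sent.
    if not any(hmac.compare_digest(_sign(s, payload).encode(), sig.encode())
               for s in SERVER_SECRETS):
        raise PermissionError("bad signature or rotated secret")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        raise PermissionError("key expired, fetch a new one")
    return claims["sub"]


def rotate(new_secret):
    """Server-side rotation: old keys stop verifying, apps just fetch again."""
    SERVER_SECRETS[:] = [new_secret]
```

A key extracted from a device is only useful until it expires, and installed app versions keep working after `rotate` because they request a fresh key instead of carrying one.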
