Is there a way to hide third party api keys with Expo using create-react-native-app?
You should never store any API key that is sensitive inside of an app, whether in React Native or a typical native app. Keep them on your server instead. Here’s an article that explains the various approaches to get your API keys if stored in your Android application: Hiding Secrets in Android Apps – the same thing applies for iOS, just different tools.
1 Like
I’m using firebase as my backend but apparently Expo doesn’t support firebase cloud storage at this time which is where firebase suggests you store your hidden keys etc.
To add to Brent’s post (which shows how including a secret key with your app means it’s not secret anymore), what you should do is write some code on your server that uses the secret key to talk to third-party APIs, and have your app talk to your server. This way your server is responsible validating requests from your app and never reveals the third-party secret key to the rest of the world.
I’m using firebase as my backend but apparently Expo doesn’t support firebase cloud storage at this time which is where firebase suggests you store your hidden keys etc.
Interesting! Can you link me to a resource about that? I can’t find anything