iOS: Is this an okay way to store an API key to make HTTP requests?

After a user logs into an App, they get an API key (unique for each user) which is used to make API requests/communicate with the server. Currently, I store this API key in my iOS SQLite DB and use it to make API requests. However, I’m not so sure if this is a good method or not.

@sweetoothj Thanks very much for your question!

This is NOT a good idea. Why? You need to treat the key or token that you receive the same as you would for a password. These should not be stored or persisted as any other arbitrary piece of data. What you should do is store the key/token using the iOS keychain. A nice and easy way to do it is using the following library, which can be incorporated in your project as a cocoapod, and is very easy to use. :slight_smile:

I hope this helps!

All the best!

This topic was automatically closed after 166 days. New replies are no longer allowed.