RazerMS / Mobile-XDK-RazerMS_Cordova

Razer Merchant Services mobile payment for Cordova (Plugin) (IONIC, Framework7 Compatible)

Is it safe to hardcode password in the app? #5

Closed ambofx closed 6 years ago

ambofx commented 6 years ago

According to your sample code, there are a username, password and verification key that we need to provide. I think all of this information should not be exposed in the app, since it can easily be decompiled.

Or maybe I am mistaken in my understanding of the doc?

Is it safe for us to hardcode the username and password in the app?

clewlb commented 6 years ago

@ambofx,

While it is totally safe to hardcode all the credentials in the app and have them exposed by any means, if you have implemented the secret key and use it to validate all the data returned from the XDK or from MOLPay servers, we do recommend that you put all the credentials on your server side and send them along with the other payment details before initiating the XDK for the payment process. If you have more questions concerning security, please send them to mobile@molpay.com, and we shall answer them there.

Thanks.