briedis
commented
6 years ago Be warned - if you expose your Printful's API key to user, user can hijack it and perform actions on your account! API key should be kept safe at all times!
Open shuklaalok7 opened 7 years ago
briedis
commented
6 years ago Be warned - if you expose your Printful's API key to user, user can hijack it and perform actions on your account! API key should be kept safe at all times!
shuklaalok7
commented
6 years ago Thanks for the heads up. I think nobody is going to have a look at this corner, but now that you have commented here, I am probably going to rewrite the commit history to obscure the API key or change the key from my Printful account, if possible.
Thanks again.
shuklaalok7
commented
6 years ago @briedis Oh, you mean to say that the API key should not be used at client-side.
If a developer wants to call printful API from mobile devices, this will work, but if he wants to make calls from his server running Java, he can still use this SDK on server JVM as well.
briedis
commented
6 years ago @shuklaalok7 I meant my comment in the context of calling API from an android device (which is basically client side). Of course, back-end use is fine :)
API calls cannot be made on UI thread in Android so currently the programmers have to use some way to call the clients in some other thread.
We may want to figure out to make this thread-thing more straightforward.