search

paps-app / paps-docz-api

Paps API Documentation
https://developers.paps.sn
0 stars 2 forks source link

Test API KEY #2

Open babacarcissedia opened 4 years ago

babacarcissedia commented 4 years ago 
const options = {
  apiKey: 'abcn4a8n89ixk71ugwbcezfwn4ev9y6f33v2lguwn18mogf8jqis', 
  url: 'https://api.paps.sn/api/v1/:method', 
  test: true
}

Right now I can't expose my apiKey, because the same one is being used both for test and for production environment. Just parameter test: true is not enough. You need to generate different set of apiKey + apiSecret

madiodio commented 4 years ago

Hi @bcdbuddy, thanks for signaling this again.

Agree this is far from optimal so we'll actually start working on a v2 of the API to let you have as many API keys as you want, manage them and mark them as test or production.

Besides that, you'll also be able to track/manage the tasks created in the test environment directly on Monespace. I can't give you any timeline right now but we're definitely working to improve the experience on this side so I'm letting this issue open.

In the meantime, what I'll suggest (or how we deal around it internally) is to have environment variable to toggle the use of test=true, something like:

const options = {
  apiKey: 'abcn4a8n89ixk71ugwbcezfwn4ev9y6f33v2lguwn18mogf8jqis', 
  url: 'https://api.paps.sn/api/v1/:method', 
}

if(IS_TEST_ENV) options.test = true
babacarcissedia commented 4 years ago

@madiodio hum I see your point :thinking: but this options would still leak the credential on the source code of the library https://github.com/bcdbuddy/node-paps. Right now I am using git hub secret so that's fine. Anyway, can't wait to get the v2.

Note that I set up some free time for community project so I can take one part of the V2 work and do it for you guys for free. So you might want to consider that.

By the way where is your office located ? I have an ecom platform I am building right now and I don't want to wait. We should meet if possible to discuss more about this.

madiodio commented 4 years ago

@bcdbuddy Obviously you should be able to provide all your credentials via environment variables using for instance Github secrets like you did.

That's very generous from you to offer your support to make this better. Right now, we're not doing any concrete work on v2 or in the open but we'll obviously reach out when we properly start so you can give insights and help as you will.

Well because of the pandemic our offices are almost empty for now 😅. But we're working from home and you can reach us anytime, just drop me an email madiodio at paps-app.com (and loop dev at paps-app.com in) about the project and I will be able to help as much as I can. Looking forward for your email.