Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I agree with u/sslinky84 that there is no safe place in VBA. The main question is: what's the purpose of an API key in this case? From your description you are not linking an API-key to a single user, but have "one key to rule them all". So you probably want to prevent someone from grabbing your end-point and spamming it? In that case you're perfectly fine in creating one API-string in VBA and checking that on the server: it blocks the person who is opening a browser to fiddle with your end-point, but it does give you some security. The people who can get through are the ones that manage to crack open your VBA (assuming you have a password on the VBA). To make their life a bit harder you could instead of a "fixed string" as API key go for some kind of hash, as u/archn suggests. E.g.: take the rest of the post message that e.g. also includes a mandatory timestamp, make a simple hash of that (might even include a "fixed key", see e.g. https://github.com/krijnsent/crypto_vba/blob/master/ModHash.bas for some code).
Related posts
- VBA API call with nested JSON data
- Self made Excel/VBA triggers virus scan - what to do?
- How to import price actions with API from CoinGecko
- Atomic Swaps are coming to Zenon Network
- Inflation reaches 8.6%, the highest U.S has seen in 40 years. Global recession is around the corner and so might be the real crypto crash.