Our great sponsors
-
I agree with u/sslinky84 that there is no safe place in VBA. The main question is: what's the purpose of an API key in this case? From your description you are not linking an API-key to a single user, but have "one key to rule them all". So you probably want to prevent someone from grabbing your end-point and spamming it? In that case you're perfectly fine in creating one API-string in VBA and checking that on the server: it blocks the person who is opening a browser to fiddle with your end-point, but it does give you some security. The people who can get through are the ones that manage to crack open your VBA (assuming you have a password on the VBA). To make their life a bit harder you could instead of a "fixed string" as API key go for some kind of hash, as u/archn suggests. E.g.: take the rest of the post message that e.g. also includes a mandatory timestamp, make a simple hash of that (might even include a "fixed key", see e.g. https://github.com/krijnsent/crypto_vba/blob/master/ModHash.bas for some code).
Related posts
- VBA API call with nested JSON data
- Self made Excel/VBA triggers virus scan - what to do?
- How to import price actions with API from CoinGecko
- 10 years ago the point of cryptocurrency was to be a P2P electronic cash that anyone in the world could use, a decentralized currency that no one can stop you from using. Are there any current projects that reflect this original design?
- I like Coinbase's advice on how to buy Monero -- "Yeah we can help you purchase Monero. It's simple. First, go to a different platform and buy it!"