[Android] [Security] Pendo key restriction android?
Hey Pendo Team,
We are currently using pendo for tracking user events in our android application, And we have some queries about the restrictions that can be done to the API key for android.
Can we restrict the API key to a single android application(like google maps) using the pendo dashboard, so that even if the API key is compromised the hacker cannot use the API key for anything else?
Or if the API Key is compromised, will it a big security threat, and what can an external user can do with our pendo API?
Looking forward for a solution from you guys asap.
Thanks
1
コメント
Thanks for contacting us.
Will answer the second question first:
If the API Key is compromised, will it a big security threat, and what can an external user can do with our pendo API?
If the Key is compromised, the attacker can not do anything. The key is only good for sending information to Pendo; it can NOT be used to retrieve any information.
Can we restrict the API key to a single android application(like google maps) using the pendo dashboard, so that even if the API key is compromised the hacker cannot use the API key for anything else?
We do not currently have that feature. However, we do have the JWT signature to ensure you are the only one sending data.
Please check this link Send signed metadata with JWT
Thanks David Faerman for a quick response!!
サインインしてコメントを残してください。