Forums » Help & Troubleshooting

Is it critical to keep Admin Site Key SECRET??

I'm integrating a call to the clicky-supplied API called clicky_log. I have a php script that is embedded in an iframe on my Yola site.

I REALLY like having this capability but I am afraid to deploy because I read in the docs somewhere to keep it secret.

What should I do? Go ahead and deploy the PHP script, which is in source code form that anyone can see?

Posted Sun Jan 29 2017 1:23p by MikeTheWatc***

I can't understand your concern. The purpose of the Clicky Log API is exactly to log data, and to log data you need to provide your admin sitekey along with the other get parameters. The body of your PHP script itself should not be world visible via the iframe and neither will be the get requests.

What you shouldn't do is put your API requests in html files because then everybody will be able to see the admin sitekey from their browser and screw with your data should they feel inclined to do so.

Posted Sun Jan 29 2017 1:47p by drkskwl***

Thank you!
I program stuff, but I'm not good with the web. Not to say I'm not trying :-)

I thought that someone could dump the HTML code for the page and see the call to my file that is hosted elsewhere, and then perhaps download the Index.PHP file. But when I dumped a page just now, it didn't have any info.

Thank you for the QUICK reply... I'll now be able to launch my new PHP script with Clicky logging integrated! ! It's pretty cool stuff!

Posted Sun Jan 29 2017 2:24p by MikeTheWatc***

You must be logged in to your account to post!