Best Practices

On this page:


Storing your credentials

When you use API keys in your applications, take care to keep them secure. Publicly exposing your credentials can result in your account being compromised, which could lead to unexpected charges on your account. To help keep your API keys secure, follow these best practices:

  • Do not embed API keys directly in code. API keys that are embedded in code can be accidentally exposed to the public. For example, you may forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
  • Do not store API keys in files inside your application's source tree. If you store API keys in files, keep the files outside your application's source tree to help ensure your keys do not end up in your source code control system. This is particularly important if you use a public source code management system such as GitHub or GitLab.
  • Delete unneeded API keys to minimize exposure to attacks.
  • Review your code before publicly releasing it. Ensure that your code does not contain API keys or any other private information before you make your code publicly available.


Embeding Omnicept runtime into your application's installer

Omnicept uses merge modules (.msm) files.  Your app can import the run time .msms files into your MSI installer.

Another option is not embedding Omnicept and having the end user install Omnicept Runtime on their own in a "golden image" or manually.