I’m implementing an API for a CMS. Clients are accessing the API via a

Question

0

Asked: June 1, 20262026-06-01T10:04:05+00:00 2026-06-01T10:04:05+00:00

I’m implementing an API for a CMS. Clients are accessing the API via a

0

I’m implementing an API for a CMS.

Clients are accessing the API via a public key or a private key (for more sensitive data). They can read AND write to the database with the private key.

I am storing the keys (just random strings) as cleartext in the database.

I’ve learned not to store passwords as cleartext. The main reason is, that a potential attacker could use the passwords on other systems (like facebook) where the user uses the same password.

This is not the case with apiKeys, as they are generated by the API itself and there only value is to grant access to the database. If an attacker made it that far, he already has access.

Having said that: Am I’m doing something wrong if I store api Keys as cleartext?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T10:04:07+00:00

Editorial Team

2026-06-01T10:04:07+00:00Added an answer on June 1, 2026 at 10:04 am

I don’t think there is anything wrong in stroring a key like this in clear text, but if you encrypt it it will add an extra layer of security. If someone breaks into your server and read the clear text keys from your database they can access your API using these keys. If encrpypted the keys will be of no use for an attacker.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m implementing an API for a CMS. Clients are accessing the API via a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply