{
    "componentChunkName": "component---src-components-blog-post-jsx",
    "path": "/blog/hide-your-api-keys/",
    "result": {"data":{"site":{"siteMetadata":{"author":"Monica Powell","siteUrl":"https://www.aboutmonica.com"}},"mdx":{"id":"705b41f0-e095-58b7-bb43-df8128099712","timeToRead":2,"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Hide Your API Keys\",\n  \"date\": \"2017-01-26T01:23:25.000Z\",\n  \"template\": \"post\",\n  \"draft\": false,\n  \"slug\": \"hide-your-api-keys\",\n  \"category\": [\"tutorial\"],\n  \"tags\": [\"Python\", \"API\", \"Git/GitHub\", \"Tutorial\"],\n  \"description\": \"If you plan on programming any applications and storing your code in a public GitHub repository then it is important that you protect your API keys 🔑 by ensuring that they are not searchable or…\",\n  \"redirects\": [\"/blog/2017/01/26/hide-your-api-keys/\"]\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"h3\", {\n    \"id\": \"how-to-hide-your-api-keys-in-python\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#how-to-hide-your-api-keys-in-python\",\n    \"aria-label\": \"how to hide your api keys in python permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"How to Hide Your API Keys in Python\\xA0\\uD83D\\uDD11\"), mdx(\"h4\", {\n    \"id\": \"protect-your-applications-api-keys-while-committing-togit\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#protect-your-applications-api-keys-while-committing-togit\",\n    \"aria-label\": \"protect your applications api keys while committing togit permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Protect your application\\u2019s API Keys while committing to\\xA0Git.\"), mdx(\"figure\", null, mdx(\"p\", null, mdx(\"img\", {\n    parentName: \"p\",\n    \"src\": \"/media/hide-your-api-keys-0.jpeg\",\n    \"alt\": \"black-and-white-code-programming-tech-79290\"\n  }))), mdx(\"p\", null, \"If you plan on programming any applications and storing your code in a public \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/\"\n  }, \"GitHub\"), \" repository then it is important that you \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"protect your API keys\"), \" \\uD83D\\uDD11 by ensuring that they are not searchable or otherwise publicly accessible.\"), mdx(\"h4\", {\n    \"id\": \"whats-anapi\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#whats-anapi\",\n    \"aria-label\": \"whats anapi permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"What\\u2019s an\\xA0API?\"), mdx(\"p\", null, \"An application programming interface (API) is a structured set of instructions for building applications. If you want to leverage data from services such as Twitter, The New York Times, \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://medium.com/u/26d90a99f605\"\n  }, \"Slack\"), \", \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://medium.com/u/60a317bb70e4\"\n  }, \"Spotify\"), \", etc. then you should read their APIs to figure out how to structure your queries to receive data from their service or to post on their service.\"), mdx(\"p\", null, \"Example APIs:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://dev.twitter.com/docs\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"Twitter Developer Documentation - Twitter Developers\"), mdx(\"br\", {\n    parentName: \"a\"\n  })))), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://developer.spotify.com/web-api/\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"Spotify Web API - Spotify Developer\"), \" \"))), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://api.slack.com/\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"Slack API\")))), mdx(\"li\", {\n    parentName: \"ul\"\n  }, mdx(\"p\", {\n    parentName: \"li\"\n  }, mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://developer.nytimes.com\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"API Gallery - NYT Developers Network\"))))), mdx(\"h4\", {\n    \"id\": \"what-are-apikeys\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#what-are-apikeys\",\n    \"aria-label\": \"what are apikeys permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"What are API\\xA0keys?\"), mdx(\"p\", null, \"API keys allow developers to access APIs and are unique keys associated with that particular developer and/or application. Just like you shouldn\\u2019t share your passwords you should \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"never\"), \" share your API keys. It is important to protect your API keys so that people do not take any actions as you which could result in your API key being revoked due to somebody else exceeding rate limits or abusing/violating an APIs terms of service. A rate limit is when an application limits the number of API calls that a specific application or user can make during a specified period of time.\"), mdx(\"h4\", {\n    \"id\": \"how-do-i-protect-my-api-keys-ongithub\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#how-do-i-protect-my-api-keys-ongithub\",\n    \"aria-label\": \"how do i protect my api keys ongithub permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"How do I protect my API keys on\\xA0Github?\"), mdx(\"p\", null, \"Here\\u2019s how to hide API keys in Python from GitHub using config.py to store your sensitive API keys and tokens in a separate file from your main script. I used similar code when accessing the Twitter Search API for my \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/M0nica/blackgirlmagic\"\n  }, \"blackgirlmagic twitter bot\"), \".\"), mdx(\"h4\", {\n    \"id\": \"create-3-files-in-your-application\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#create-3-files-in-your-application\",\n    \"aria-label\": \"create 3 files in your application permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Create 3 Files in Your Application\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"config.py\")), mdx(\"p\", null, \"This file will store your API keys. You just need to update the portion in the strings with your API keys, depending on the service you may or may not need all four types of API keys. These in particular are required to create a Twitter application.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-python\"\n  }, \"api_key = \\\"YOUR_KEY\\\"\\napi_secret = \\\"YOUR_SECRET\\\"\\naccess_token = \\\"YOUR_ACCESS_TOKEN\\\"\\ntoken_secret = \\\"YOUR_TOKEN_SECRET\\\"\\n\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"main_script.py\")), mdx(\"p\", null, \"This file will store your main script that needs to access the API keys. This file can be named whatever you like.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-python\"\n  }, \"import config\\n\\nfrom twython import Twython, TwythonError\\n\\n# create a Twython object by passing the necessary secret passwords\\ntwitter = Twython(config.api_key, config.api_secret, config.access_token, config.token_secret)\\n\")), mdx(\"h4\", {\n    \"id\": \"gitignore\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h4\",\n    \"href\": \"#gitignore\",\n    \"aria-label\": \"gitignore permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), mdx(\"strong\", {\n    parentName: \"h4\"\n  }, \".gitignore\")), mdx(\"p\", null, \"A\\xA0.gitignore file tells GitHub to ignore the noted files, directories or files that end in specific extensions when committing files to GitHub. \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"This step is crucial to ensure that your config.py file does not end up viewable on GitHub! Here\\u2019s\"), \" \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/github/gitignore\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"a collection of useful\\xA0.gitignore templates\")), mdx(\"strong\", {\n    parentName: \"p\"\n  }, \".\")), mdx(\"p\", null, mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/github/gitignore\",\n    \"title\": \"https://github.com/github/gitignore\"\n  }, mdx(\"strong\", {\n    parentName: \"a\"\n  }, \"github/gitignore\"), mdx(\"br\", {\n    parentName: \"a\"\n  }), \"_\", \"A collection of useful\\xA0.gitignore templates_github.com\"), mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/github/gitignore\"\n  })), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\"\n  }, \"config.py\\n__pycache__\\n.ipynb_checkpoints\\n\")), mdx(\"p\", null, \"Feel free to reach out below with any comments or questions that you have. I would love to know how you hide your API keys when creating applications in Python or any other languages.\"));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#how-to-hide-your-api-keys-in-python","title":"How to Hide Your API Keys in Python 🔑","items":[{"url":"#protect-your-applications-api-keys-while-committing-togit","title":"Protect your application’s API Keys while committing to Git."},{"url":"#whats-anapi","title":"What’s an API?"},{"url":"#what-are-apikeys","title":"What are API keys?"},{"url":"#how-do-i-protect-my-api-keys-ongithub","title":"How do I protect my API keys on Github?"},{"url":"#create-3-files-in-your-application","title":"Create 3 Files in Your Application"},{"url":"#gitignore","title":".gitignore"}]}]},"frontmatter":{"title":"Hide Your API Keys","date":"January 26, 2017","description":"If you plan on programming any applications and storing your code in a public GitHub repository then it is important that you protect your API keys 🔑 by ensuring that they are not searchable or…","tags":["Python","API","Git/GitHub","Tutorial"]}},"allWebMentionEntry":{"edges":[]}},"pageContext":{"permalink":"https://www.aboutmonica.com/blog/hide-your-api-keys/","slug":"/blog/hide-your-api-keys/","prev":{"id":"5181f38d-6796-5ff5-a342-9d8696c42f2d","frontmatter":{"title":"Visualizing Data from the Spotify API","category":["tutorial"],"date":"2017-01-27T03:20:46.967Z","slug":"visualizing-data-from-the-spotify-api","tags":["API","Python"],"redirects":null},"fields":{"slug":"/blog/visualizing-data-from-the-spotify-api/"}},"next":{"id":"4476e2d2-86bd-5155-8766-3f543e8e90c8","frontmatter":{"title":"Font Awesome is Awesome!","category":["resources"],"date":"2016-11-27T14:35:58.810Z","slug":"font-awesome-is-awesome","tags":["Design","Font Awesome"],"redirects":null},"fields":{"slug":"/blog/font-awesome-is-awesome/"}}}},
    "staticQueryHashes": ["1977783444","764694655"]}