Curl best practice for API calls? Protecting sensitive data like API keys

CodeIgniter Forums (https://forum.codeigniter.com), Forum: CodeIgniter 4 Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=31), Thread: /showthread.php?tid=91112

Curl best practice for API calls? Protecting sensitive data like API keys - minsk832 - 06-18-2024

Hey! Assuming I use the following in a self-created OpenAI library:

PHP Code: <?php

If I then use the curlrequest service elsewhere in the application, this could potentially cause my API key to be accidentally sent to other servers (shared instance - https://codeigniter.com/user_guide/concepts/services.html).

Or do I understand the information under https://codeigniter.com/user_guide/libraries/curlrequest.html since version 4.4.0 correctly, that $shareOptions = false by default ensures that I don't need to worry about this? Are there other things to keep in mind here?

Thanks for your help!

RE: Curl best practice for API calls? Protecting sensitive data like API keys - kenjis - 06-18-2024

Don't forget about `$shareOptions`. The setting reproduces the past incorrect behavior (= bug). You still need to worry about that.

If you send requests to other sites, you should not share the CURLRequest instance. https://codeigniter.com/user_guide/concepts/services.html#single-service

RE: Curl best practice for API calls? Protecting sensitive data like API keys - minsk832 - 06-19-2024

Thank you: Here I read: https://www.codeigniter.com/user_guide/libraries/curlrequest.html#sharing-options

Quote: "Since v4.4.0, the default value has been changed to false."

system/Config/Service.php

PHP Code: /**

So there is no need to specifically use single_service() in my libraries that use curl requests? The options for curl requests passed to the constructor are usually not shared?

RE: Curl best practice for API calls? Protecting sensitive data like API keys - kenjis - 06-19-2024

(06-19-2024, 04:55 PM) minsk832 Wrote:
> So there is no need to specifically use single_service() in my libraries that use curl requests? The options for curl requests passed to the constructor are usually not shared?

No! You should use single_service() to protect sensitive data.

The options for curl requests passed to the constructor are always shared. The options to the request() method are not shared. See https://www.codeigniter.com/user_guide/libraries/curlrequest.html#headers

In the sample code, the headers are not shared in the next request.
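
One way to structure the library discussed in this thread, following the advice above to use `single_service()` and to keep secrets out of the constructor options. This is an added example, not code from the thread or from CodeIgniter; the class name, the `openai.apiKey` env key, the host and the endpoint path are assumptions.

```php
<?php

namespace App\Libraries;

use CodeIgniter\HTTP\CURLRequest;
use RuntimeException;

// Hypothetical library class for illustration.
class OpenAIClient
{
    private CURLRequest $client;
    private string $apiKey;

    public function __construct(?string $apiKey = null)
    {
        // Assumption: the key is stored in .env under a hypothetical name.
        $this->apiKey = $apiKey ?? (string) env('openai.apiKey', '');
        if ($this->apiKey === '') {
            throw new RuntimeException('API key is not configured.');
        }

        // single_service() returns a new, unshared CURLRequest instance, so
        // code that calls service('curlrequest') elsewhere never receives
        // this object or the options given to it.
        // Constructor options persist for the instance's lifetime, so only
        // non-secret settings are placed here.
        $this->client = single_service('curlrequest', [
            'baseURI' => 'https://api.example.test/v1/', // placeholder host
            'timeout' => 10,
        ]);
    }

    public function chat(array $payload): array
    {
        // The Authorization header is passed with the request itself; per the
        // thread, options given to the request call are not shared with the
        // next request.
        $response = $this->client->post('chat/completions', [ // placeholder path
            'headers' => ['Authorization' => 'Bearer ' . $this->apiKey],
            'json'    => $payload,
        ]);

        return json_decode($response->getBody(), true, 512, JSON_THROW_ON_ERROR);
    }
}
```

With this layout the key is held only in the library object and attached per call, so a later change to the constructor options cannot widen where it is sent.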