Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Best Practices best way to store tokens and api keys?
best way to store tokens and api keys?
  • Offline elbambolo
    Junior Member
  • **
  • Posts: 22
    Threads: 8
    Joined: Dec 2023
    Reputation: 0
#1
09-22-2024, 02:29 AM

good morning,
i have a little question.
what is the best way in codeigniter 4  to keep tokens and passwords safe?
for example, in one of my portals, i use PayPal API. Currently i have a sort of config.php where inside i define a constant called: token to which i assign the value.
when i need the token, i call the constant.
the problem is that in case of direct access to the files that are on the server, anyone can see the token in clear.
the other path i had taken was to create a table and insert in MySql all the various tokens of the different services, obviously encrypted in MD5.
in this case, when i need the token, i call it directly through a query.

what do you think is the best method?
is there a safe place in codeigniter to store this type of data?
Reply
  • Offline ozornick
    Antispam Moderator
  • ******
  • Posts: 561
    Threads: 29
    Joined: Jul 2022
    Reputation: 28
#2
09-22-2024, 07:07 AM

File .env or in apache2 vhosts ENV. Access denied from browser.
Simple CI 4 project for beginners codeigniter-expenses ( topic )
Reply
  • Offline elbambolo
    Junior Member
  • **
  • Posts: 22
    Threads: 8
    Joined: Dec 2023
    Reputation: 0
#3
09-26-2024, 12:00 PM

understood. so in .env I declare the constant ApiToken and in the controller I can call it.
something like:
DEFINE $token = ASD;

and in controller I can use $token.
Reply
  • Offline Resprommed
    Newbie
  • *
  • Posts: 1
    Threads: 0
    Joined: Jun 2025
    Reputation: 0
#4
06-03-2025, 02:36 AM

(09-22-2024, 02:29 AM)elbambolo Wrote: good morning,
i have a little question.
what is the best way in codeigniter 4  to keep tokens and passwords safe?
for example, in one of my portals, i use PayPal API. Currently i have a sort of config.php where inside i define a constant called: token to which i assign the value.
when i need the token, i call the constant.
the problem is that in case of direct access to the files that are on the server, anyone can see the token in clear.
the other path i had taken was to create a table and insert in MySql all the various tokens of the different services, obviously encrypted in MD5.
in this case, when i need the token, i call it directly through a query.

what do you think is the best method?
is there a safe place in codeigniter to store this type of data?

(09-26-2024, 12:00 PM)elbambolo Wrote: understood. so in .env I declare the constant ApiToken and in the controller I can call it.
something like:
DEFINE $token = ASD;

and in controller I can use $token.
Very cool, I'm also looking for a way to secure API keys in CodeIgniter 4. Have you tried saving tokens in environment variables (.env)? I heard that it's a safe and popular way, but I'm not sure if there's anything special to note with CI4?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB