I have worked with public API’s in only one small project, but I recently learned that if one were to distribute a project with API keys inside this is a security risk.
So I have two questions:
- What does an API key contain that would pose a security risk?
- How does one create an application that makes use of public API’s and distribute that application without posing a security risk?
Surely if someone can reverse engineer the application, they could extract any API keys that are present.
I am a fresh computer science graduate so an explanation of this would be much appreciated.