I was suggested to use the nodejs sdk to deal with hashing secret keys and such, but suddenly this turned way more complicated than it needed to be. Also, since my website uses ssl/tls, I can't even call my server because it's self-signed and would have to deal with ssl on a digitalocean droplet -- suddenly it's a bit bigger scope than I thought, so I stopped doing this.
I now need to hide my key without using node. What are my options? I have php, but there's no gamesparks php sdk.
Can anyone give me some flow for this? Bonus points for snippets, but workflow alone would be very helpful -- google has all this obsolete info.
or hmm... i wonder if it would be safe if i put the websparks api offsite (1 dir behind public www), as in
- www (public
And then i stored the key in gamesparks.js - would it be safe?
Or similarly, what if I did this:
I know it's unsafe to store the secret key for the clients to simply CTLR+U and see it,
Is this secure?
hmm i guess you can just use a console and type console.log(secretVar) and it'll show -__- must be php it seems, or some technique i don't know