Storing API Keys

  • _.__._.__.__._-1418218541336887419

    Ethan

    5 months ago

    Hi all,

    I imagine this is a very noobish question, but I am having trouble finding information on what the best practice is for storing API keys in my app. My app integrates Twilio messaging. All API calls require an Authorization header with a key made from <AccountSid>:<ApiKey> encoded to base64. I am not sure where or how to store this, so that it cannot be leaked or accessed by end users.

    It would be very bad if this was leaked. How should I go about storing it? While testing I'm just building the string in the API call and sending it, but I imagine that is not the correct approach.

    Any tips/suggestions/resources would be appreciated! I am using Supabase as my database
  • whitep4nth3r-1418220625868099666

    salma

    5 months ago

    The TL;DR is use a backend
  • _.__._.__.__._-1418224394076950631

    Ethan

    5 months ago

    Thanks, from this what I am guessing I should do is instead of calling the API from my app, call a Supabase edge function that then calls the API, and store the key only in the backend.
  • whitep4nth3r-1418224593541267612

    salma

    5 months ago

    yes exactly!
  • _.__._.__.__._-1418224752849588285

    Ethan

    5 months ago

    Thanks for the help!
  • whitep4nth3r-1418224778258419775

    salma

    5 months ago

    you're welcome!
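
The approach agreed on in the thread, sketched as an added example (not code posted by anyone in the thread): the app sends only the recipient and message text, and the backend builds the `<AccountSid>:<ApiKey>` Authorization header from server-side secrets. The secret names `TWILIO_ACCOUNT_SID`, `TWILIO_API_KEY` and `TWILIO_FROM`, the function names and the 320-character cap are assumptions made for the example.

```javascript
// Added example. Secret names and the 320-character cap are assumptions.
const E164 = /^\+[1-9]\d{6,14}$/; // international phone number format

// Build the outbound Twilio request entirely on the server.
// `env` holds the secrets; `input` is the untrusted JSON body sent by the app.
function buildTwilioRequest(env, input) {
  const { TWILIO_ACCOUNT_SID: sid, TWILIO_API_KEY: key, TWILIO_FROM: from } = env;
  if (!sid || !key || !from) throw new Error("server misconfigured");
  const to = String(input?.to ?? "");
  const body = String(input?.body ?? "");
  if (!E164.test(to)) throw new RangeError("invalid recipient");
  if (body.length === 0 || body.length > 320) throw new RangeError("invalid body");
  return {
    url: `https://api.twilio.com/2010-04-01/Accounts/${encodeURIComponent(sid)}/Messages.json`,
    method: "POST",
    headers: {
      // The header from the question, built where end users cannot read it.
      Authorization: "Basic " + btoa(`${sid}:${key}`),
      "Content-Type": "application/x-www-form-urlencoded",
    },
    // The sender number comes from the server, never from the client.
    body: new URLSearchParams({ To: to, From: from, Body: body }).toString(),
  };
}

// Request handler: the reply never echoes the header or Twilio's raw response.
async function handle(req, env, fetchImpl = fetch) {
  if (req.method !== "POST") return new Response("method not allowed", { status: 405 });
  let out;
  try {
    out = buildTwilioRequest(env, await req.json());
  } catch (e) {
    const bad = e instanceof RangeError || e instanceof SyntaxError;
    return new Response(JSON.stringify({ error: bad ? "bad request" : "server error" }),
      { status: bad ? 400 : 500 });
  }
  const { url, ...init } = out;
  const res = await fetchImpl(url, init);
  return new Response(JSON.stringify({ ok: res.ok }), { status: res.ok ? 200 : 502 });
}

// In a Supabase Edge Function (Deno runtime) this would be wired up as:
//   Deno.serve((req) => handle(req, Deno.env.toObject()));
```

The function must also authenticate the caller (for example by checking the signed-in user's session) and rate-limit requests; otherwise anyone who finds its URL can send messages on the account even though the key itself stays hidden.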