DEV Community

Discussion on: Best practices to generate and store API keys using Node.js?

Collapse
nagarjun profile image
Nagarjun Palavalli Author

Store keys in plain text in the database? Seems like it might open up some kind of vulnerability.

Collapse
davidszabo97 profile image
Dávid Szabó

I never said you should store them as plain text. Encrypt them and when an API call comes in, decrypt the generated string to find out which access token it is.

Generate an ID for your access token then encrypt("ID" + "creation time") with your app secret.