0

I am currently building a small application which used a public API to get some information. The API doesn't support auto-login in any way (don't know if something like this even exists with APIs), but I don't want the user to have to login every time he uses the app. How can I achieve auto-login, when I need the username and the password of a user to connect to the API?

I thought about hashing but then the login to the API won't work. So maybe encryption is the solution, but firstly I don't know how I could generate and save a safe key and secondly you shouln't encrypt passwords (as you can read in many, many posts and articles). But I don't know what's left.

I don't have much experience with cryptography. Any advice or ideas?

Improve this question

1 Answer 1

Reset to default
1

Since your API has to receive password every time, your application will have to store that password.

I don't see a problem with encrypting passwords and storing them: it beats storing them in clear text, that's for sure. It is a secret and the way you store secrets is by encrypting them.

There are plenty of solutions for this, dedicated to secure storage of user secrets, the choice depends largely on the platform and the technology stack you are using.

For instance, in .NET Core you would typically use Azure Vault for something like this.

Improve this answer
2
  • Would be a good solution if the API supports it. Unfortunally it doesn't. Each time the app is started a new session must be created and when terminating the app, the session MUST be ended (or will be, if no requests are getting send). The API only works with "one-time-session" (if that's a word). Commented Dec 2, 2020 at 22:50
  • Thanks for the answer. Is there any good way to store user credentials locally in Python? Commented Dec 3, 2020 at 7:54

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.