Rotating String API Key

Privacy & Security General
caleb_ras OP
Created 22h
Replies 1
Boosts 0
Views 49
Participants 2
This post is from the WWDC26 Privacy & Security Q&A.

For a Swift package that requires app developers to set a String API key at the app level (one key per app, not per user), what is Apple’s recommended approach for allowing those keys to be securely rotated without requiring an App Store redeploy?

Replies  1
Boosts  0
Views  49
Participants  2
DTS Engineer OP
Apple
22h

We recommend to not store secrets within your application. Exposing secrets to your application could lead to them leaking. Rather, keep API secrets within a server, and use App Attest to confirm the request is coming from your app: https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity .

Rotating String API Key
First post date Last post date
 
 
Q