Paypal Express Checkout api credentials - How to store them properly?

Posted by Sequence on Server Fault See other posts from Server Fault or by Sequence
Published on 2012-09-15T00:30:54Z Indexed on 2012/09/15 3:39 UTC
Read the original article Hit count: 472

Filed under:

api

|

credentials

|

paypal

I've been searching the internet and I've come up with a lot of answers of how to store paypal API credentials(Used in Paypal Express Checkout.) They say to hash the credentials using salt. But what I don't understand is how and where to store the salt. If they get access to the salt, can't they just un-hash the credentials? That doesn't seem very secure to me. They say not to hard-code the API credentials, but any other way still seems really vulnerable. Thanks for taking the time to look at my questions. I'd really appreciate help.

© Server Fault or respective owner

Related posts about api

Where does ASP.NET Web API Fit?

as seen on West-Wind - Search for 'West-Wind'
With the pending release of ASP.NET MVC 4 and the new ASP.NET Web API, there has been a lot of discussion of where the new Web API technology fits in the ASP.NET Web stack. There are a lot of choices to build HTTP based applications available now on the stack - we've come a long way from when WebForms… >>> More
An Introduction to ASP.NET Web API

as seen on West-Wind - Search for 'West-Wind'
Microsoft recently released ASP.NET MVC 4.0 and .NET 4.5 and along with it, the brand spanking new ASP.NET Web API. Web API is an exciting new addition to the ASP.NET stack that provides a new, well-designed HTTP framework for creating REST and AJAX APIs (API is Microsoft’s new jargon for a service… >>> More
Introduction to the ASP.NET Web API

as seen on Stephen Walter - Search for 'Stephen Walter'
I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in… >>> More
Introduction to the ASP.NET Web API

as seen on Stephen Walter - Search for 'Stephen Walter'
I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in… >>> More
How can I setup dependencies for Axis2 / Axiom on Maven2

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried the following settings on pom.xml to use Axis2 wsdl2code: <dependencies> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2</artifactId> <version>1.5.1</version> </dependency> </dependencies> ... <build> … >>> More

Related posts about credentials

Why must we "change temporary credentials for token credentials" in OAuth?

as seen on Stack Overflow - Search for 'Stack Overflow'
Can't the server just "upgrade" the temporary credentials to token credentials and retain the same key and secret? The client can then start doing authenticated calls right away after the recieving the callback from the server stating that the temporary credentials has been "upgraded". Of cause… >>> More
MS SQL - Problem running SQL Server Agent Job via service account credentials

as seen on Server Fault - Search for 'Server Fault'
There are 5 steps in this job. First job is an SSIS Package store, second to fifth are file system jobs. We configured all jobs to use Windows Authentication. Under Run As, we specified a user account which was created under SecurityCredentials and SQL Server AgentProxiesSSIS Package execution. The… >>> More
CertificateServicesClient-CredentialRoaming error 1005

as seen on Server Fault - Search for 'Server Fault'
We have a Microsoft Team Foundation Server (Single Server Installation, i.e. Microsoft SQL Server 2008, Microsoft Windows SharePonint Services 3.0) installed on a Windows Server 2008 machine. The TFS works fine, but there are error events logged frequently: Log Name: Application Source: … >>> More
IIS6.0 asking for credentials after MS Updates

as seen on Server Fault - Search for 'Server Fault'
We have an IIS6.0 Server running on a Windows 2003 Server. Last weekend it went though maintenance, and updated a quite a few Windows updates, it is now brought up to current updates (as of March 29th). Previous to these updates we could connect to the Web page via the hostname or via a alias (there… >>> More
Windows 7 - Change User Logged into Network Share

as seen on Super User - Search for 'Super User'
When connecting to a server, even if the "Remember my credentials" check box is not selected, Windows remembers the password until you log out. Is there any way to switch user/password for a share without logging out and back in? >>> More