When working on code to share with our DevNet Community, one thing I always ask myself is, “what’s the best way to secure my API keys?” I can’t tell you how many times I’ve shared code that contains private sandbox credentials onto GitHub. And, as you know, once it’s on GitHub the only way to get rid of it is either by deleting traces of it (rebasing), or by deleting the entire repo and starting from scratch! The Internet never forgets!
I’ve also realized, while working as part of the team that put together the competency exam for DevNet Partner Specialization, that the partners are expected to properly handle API Token security.
