C0d1ng C0d1ng - 2 months ago 19
JSON Question

Safe to use file_get_contents with API Key?

Ok, so i have purchased an API key for a certain service, this service response in a

json
format, and my plan on getting this
json
response was to use
file_get_contents()
like so

$jsonResponse = file_get_contents("https://example.com/exampleapi.php?API_KEY=123456");


So my question is, is this safe and/or secure? Do i need to worry about users using something like
Wireshark
and getting my API key?

Answer

cURL and file_get_contents and other normal methods of HTTP requests should be sending the exactly same information to the server if they are configured in the same way.

What you may be concerned about: * HTTP/HTTPS: https:// isn't supported by file_get_contents in some distributions of PHP. Otherwise, if you use HTTPS, it is relatively more secure, regardless of what function you use to send the request. * GET/POST: I don't think file_get_contents supports POST requests. However, since you are not a browser, the request method doesn't really affect you. If anyone is to intercept the connection, GET and POST won't do much difference. The only thing is that some servers store GET fields, but it's the server's responsibility anyway.