1Kas
Should I keep this API hash a secret? [closed]
I am using a service called "Lootably", and in order to verify postback requests, they require you to verify using a SHA256 hash, like this:
hash("sha256", userID . ip . revenue . currencyReward . "9Zu4zcAvkKFE789hgfejYJJKGHGGjhe879hejkHUIakHNMqHWEWRhiHJKqw886KEgwh")
(This is an example, it isn't valid).
Would I keep the "9Zu4zcAvkKFE789hgfejYJJKGHGGjhe879hejkHUIakHNMqHWEWRhiHJKqw886KEgwh
" a secret through an environment variable? Could somebody use this to make postback API requests?