Secure API token handling in Windows app: the token is needed to authenticate the requests to a backend server
I'm currently working on a UWP app that involves validating redemption codes against a Cloudflare KV storage backend. That's all the backend server is for.
I want the app to check the redemption code against Cloudflare KV using an API token. However, I don't know how to handle this API token securely.
I want to avoid embedding the API token directly in the source code to prevent unauthorized access. How can I securely store and retrieve the API token on the client side?
Or better, how can I securely store and retrieve the API token on the server side without creating a circular dependency? (Remember that the app is a local app that needs an API token to authenticate access to Cloudflare.)
So far, I've thought of creating a configuration file with the API token encrypted beforehand. However, the app would need the encryption key to decrypt the API token. Hence, I'd face the same problem with securing the encryption key, generating a vicious cycle.
