I have an iOS app that uses an API requiring me to create a PoP token using a clientID (String), clientSecret (String) and a private key (.pem) file.
I realize for security reasons, I should not store these in the app or in the code, but what is the recommended way for my app to store, access and use these items?
Is the private key supposed to be unique for each instance of the app? Or is the private key associated with the app as a whole?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
There is just one private key associated with the app as a whole.
Thanks, JR
Embedded a credential within your app is effectively creating a DRM system: You want to give the user something (your app, which includes the credential) but prevent them from doing things with it (use the credential outside of the app).
DTS does not support non-Apple DRM systems [1]. However, this does come up from time to time here on DevForums. For example, this post.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Apple DRM systems, which are supported by DTS, include FairPlay Streaming and App Attest.
