I have an Excel add-in published that allows customers to retrieve/send data from a Spreadsheet to my application. The first add-in screen asks the users to provide valid credentials (of my app) before proceeding. These credentials are a user name and an API Key. Some customers are complaining they need to enter the 40-digit long API key every time they want to use the add-in. My question is: is there a way to safely store these credentials within the add-in? I can't store them on the spreadsheet, since the users just use a temporary one to retrieve/edit the data - and just close Excel after doing it.
CodePudding user response:
I've built something like this and used the PERSONAL.XLSB to address this. Important to note that this is not very secure and anyone who had access to person's laptop/account could probably extract it once saved.
Const namedReference = "userAPI"
Sub storeOnLocalMachine()
Dim theAPIKEY As String, wkbk As Workbook
theAPIKEY = "sample123key" 'maybe have them enter once as inputbox
For Each wkbk In Application.Workbooks
If wkbk.Name = "PERSONAL.XLSB" Then Exit For
Next wkbk
If wkbk Is Nothing Then
'figure out how to open silentely open for user
End If
wkbk.Names.Add Name:=namedReference, RefersToLocal:="=""" & theAPIKEY & """", Visible:=False
wkbk.Save
End Sub
Function retrieveTheAPI() As String
Dim wkbk As Workbook
For Each wkbk In Application.Workbooks
If wkbk.Name = "PERSONAL.XLSB" Then Exit For
Next wkbk
retrieveTheAPI = Evaluate(wkbk.Names(namedReference).RefersTo)
End Function
CodePudding user response:
It's not really unusual to require a passcode of some kind every time a user starts another session with an app. Facebook and most other online services work this way. Is it the sheer length of the key that bothers your users?
At any rate, if the workbook isn't being preserved, then you can't store it in the document and the add-in has no way to store it locally because web apps don't have access to the file system (except for cookies).
You could store the key in a cookie. Another possibility is LocalStorage.